Empty passwords vs ssh-agent?
Andrew Shewmaker
shewa at inel.gov
Fri Jul 18 18:12:12 EDT 2003
John Harrop wrote:
> I'm currently switching our system from using r-commands to ssh. We
> have a fairly small system with 27 nodes. The only two options I can
> see with ssh are empty passwords and ssh-agent. The first looks like it
> isn't much better for security than r commands. (We do have ssh with
> passwords and known hosts on a portal machine.) Using ssh-agent on a
> cluster looks like a potentially big hassle. Or am I mistaken about the
> last impression? After all, we have nodes that are almost hitting up
> time of 400 days so ssh-add would only have been run once for each
> cluster user.
>
> What are people using as the clusters get bigger?
>
> Thanks is advance for your comments and thought!
>
> Cheers,
>
> John Harrop
Have you heard of Keychain? http://www.gentoo.org/proj/en/keychain.xml
"It acts as a front-end to ssh-agent, allowing you to easily have one
long-running ssh-agent process per system, rather than per login
session." I have used this before and it worked well, but I've been
meaning to switch to the pam_ssh module.
Does anybody use the pam_ssh module to automatically start agents on
login? I saw it when I was looking up pam documentation on modules.
Download through cvs http://sourceforge.net/cvs/?group_id=16000
Andrew
--
Andrew Shewmaker, Associate Engineer
Phone: 1-208-526-1276
Idaho National Eng. and Environmental Lab.
P.0. Box 1625, M.S. 3605
Idaho Falls, Idaho 83415-3605
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf
mailing list