[GE users] security issue question

reuti reuti at staff.uni-marburg.de
Wed Sep 30 10:42:57 BST 2009


Hiho,

Zitat von cdeligka <cdeligka at purdue.edu>:

> dear all,
>
> thanks to the much appreciated help of Reuti I have been able to set up a
> cluster with SGE without using NFS (I am using the delegated file staging
> feature of SGE).
> For each user I have set up passwordless ssh login from the execution host to
> the master host (in order to scp the input and output files). Only the master
> node is connected to the internet, the execution nodes are not   
> connected to the
> internet.
>
> I was wondering if the passwordless ssh login from an execution host to the
> master host can create security issues for the master host. If yes, is there
> something I can do to increase the security?

yes, passwordless login shouldn't be used. You may read the complete  
recent thread of http://beowulf.org/archive/2009-September/026417.html  
The best would be hostbased ssh. This has the advantage that you don't  
need to create an ssh-key for each new user, and OTOH the known_hosts  
file doesn't contain any entries from the cluster machines, which  
makes it easier for the user to track the entries (you set  
stricthostkeychecking=no for now?).

Although it's not a primary SGE topic, I could put the necessary steps  
in a Howto next week.

-- Reuti


> thank you all for your help,
>
> Christos
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=219736
>
> To unsubscribe from this discussion, e-mail:   
> [users-unsubscribe at gridengine.sunsource.net].
>
>

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=219759

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list