On 7/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> unless you really want to run programs as root, I wouldn't recommend to allow
> root login at all with ssh. Better is to have to login as a user first, and
> then su to root.
I disagree with this, actually. first, "su root" is almost always
the worst thing to do, since it requires that you have an easy-to-type
password for root, and that you quite possibly type it frequently.
using an SSH identity for logging in directly as root is surely
more secure. that's my preferred technique - I run ssh-agent
so almost never type any password.
If all the slave nodes are coming off a switch connected to the
cluster and behind a firewall, then i don't mind enabling ssh with
root access for the slave nodes. However, I never allow direct root
access to the head node of a cluster or any other box for that matter.
This was brought about by one of the SSH root exploits a few years
ago. Since then I'm cautious of enabling it.
su to root or sudo is my preferred method.
--
Gerald Davies
---------------------------------------------
w: http://www.geralddavies.com
_______________________________________________
Beowulf mailing list, [email protected]
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
