On Thu, Feb 04, 2010 at 10:27:18AM -0700, Mark Hahn wrote: > > but if you do want passwordless ssh, IMO the only sane solution is to > configure hostbased trust. having an unencrypted private key in your > home directory is hideous (moral equivalent of putting your password > in a file, in the clear...)
Completely agree that host-based passwordless SSH is the best approach, especially when jobs are submitted via a resource manager.. Also agree that an empty passphrase is a particularly bad approach. But, when done via ssh-agent, I don't see partiularly onerous security issues for a usage where you're manually launching jobs from an interactive session unless you have no faith in the system's integrity at all... -- David N. Lombard, Intel, Irvine, CA I do not speak for Intel Corporation; all comments are strictly my own. _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf