On Thu, Feb 04, 2010 at 10:27:18AM -0700, Mark Hahn wrote:
> 
> but if you do want passwordless ssh, IMO the only sane solution is to 
> configure hostbased trust.  having an unencrypted private key in your 
> home directory is hideous (moral equivalent of putting your password 
> in a file, in the clear...)

Completely agree that host-based passwordless SSH is the best approach,
especially when jobs are submitted via a resource manager..

Also agree that an empty passphrase is a particularly bad approach.

But, when done via ssh-agent, I don't see partiularly onerous security issues
for a usage where you're manually launching jobs from an interactive session
unless you have no faith in the system's integrity at all...

-- 
David N. Lombard, Intel, Irvine, CA
I do not speak for Intel Corporation; all comments are strictly my own.
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf

Reply via email to