On 7/2/2013 7:18 PM, Greg Lindahl wrote:
> On Tue, Jul 02, 2013 at 10:54:14AM -0400, Joe Landman wrote:
>
>> One argument which is easy to make for salt, which I didn't see anyone
>> make is, it lets you lower your risk by removing the ssh daemon.
>
> You mean raise your risk, because the ssh equivalent in the pub-sub
> world is going to be less audited and more risky.

I am talking about removing an attack surface (removal of the ssh daemon), not specifically increasing the attack surface and probability of compromise by the mechanism you indicate. My point was to set up a specific case, and point out its relative weakness as an argument, as you have to replace the sshd with something which eventually performs a similar function. My argument was that this is a silly way to approach it, and there's no real benefit to doing this. As you point out below, there is indeed a cost to doing so.

> To quote the article:
>
> | 0mq does not natively support encryption, so Salt includes its own AES
> | implementation that it uses to protect its payloads. Recently, a flaw
> | was discovered in this code along with several other remote
> | vulnerabilities. Ansible is largely immune to such issues because its
> | default configuration uses standard SSH

To a degree, this was implicit in my point. ssh solves a number of these issues quite well, so building upon it makes sense. Replacing it, for the sake of replacing it, is a fool's game, as it provides no significant benefit, and several specific costs (insecurity, etc.).

_______________________________________________
Beowulf mailing list, [email protected] sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
