Unless, there is something, i am unaware of mmdsh can also be constraind to a set of designated nodes based on ssh keys. So not sure why it is more or less than xdsh or pdsh. It seems the same.
Steven A. Daniels Fax and Voice: 303-810-1229 ________________________________ From: gpfsug-discuss <[email protected]> on behalf of Jonathan Buzzard <[email protected]> Sent: Monday, July 21, 2025 12:08 PM To: [email protected] <[email protected]> Subject: [EXTERNAL] Re: [gpfsug-discuss] mmdsh rest api command [SNIP] > > Aren't xcat, pdsh, etc, based on passwordless root ssh as well? If > so, they don't solve my clients issues. I don't see them as better > than mmdsh just different authors of the same type of tool. > Currently GPFS requires all nodes to be able to SSH onto all other nodes as root without a password. Noting at the moment the native RestAPI is an experimental feature. This root level access across the entire system in a many to many fashion has always been an security issue. This is especially true in an HPC environment were end users get to log onto nodes that are part of a GPFS cluster. If anyone gets root on any node on the system then its game over. The likes of xdsh and pdsh allow *designated* nodes to be able to SSH onto other nodes without a password in a one to many fashion. That is fundamentally different to mmdsh. Further you can configure them to need an SSH key which is secured with a passphrase for additional security. Basically in this sort of scenario with xdsh/pdsh etc. only running on highly protected nodes with limited access you have substantially enhanced your security over mmdsh and why mmdsh's continued existence is not only not required but not desirable IMHO. There is also no need for the host running xdsh/pdsh etc. to be part of the GPFS cluster. That does mean some people relying on mmdsh will have to change how they work. However continuing with bad practice when other more secure options exist is IMHO unprofessional at best and give the current cyber security environment frankly down right negligent. JAB. -- Jonathan A. Buzzard Tel: +44141-5483420 HPC System Administrator, ARCHIE-WeSt. University of Strathclyde, John Anderson Building, Glasgow. G4 0NG _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
