On 21/07/2025 22:51, Steve Daniels wrote:
> There are three different methods (two really) of allowing internode
> communications for the ssh commanding.
> Centralized management where select nodes have one way root passwordless
> ssh access to all of the rest of the nodes and n-to-n where all nodes
> have access to all other nodes via passwordless ssh.

When the central administration mode was first introduced you still
needed n-to-n ssh access or it all still fell apart despite being only
able to issue "administration" commands from the central nodes.

From recollection a slew of what I would call "user" commands (such as
changing an ACL on your *own* files for example) all stopped working
unless the n-to-n was maintained.

I am not precluding that this had changed in the meantime, but once
bitten twice shy as they say.

I still maintain reinventing the wheel, which will be a whole bunch of
infrequently tested code paths, is a really bad idea in the modern
security threat environment.

JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG