The rsh command is the standard way of executing commands and starting parallel applications on other nodes. A lot of system software, including the PVM and MPI libraries, relies heavily on rsh for remote command execution. rsh requires that an rsh server (/usr/sbin/in.rshd on most Linux systems) run on the remote node.

The rsh program connects to the server, which then checks that the client's originating port is a privileged port before taking any further action. On Unix systems, only processes with root privileges may open privileged ports between 1 and 1024. The rsh check is a historical artifact dating from the days when you could be reasonably sure a connection originating from a privileged port could be trusted on that basis alone.

After performing the check, the server compares the client's host address against a file called /etc/hosts.equiv which contains a list of trusted hosts. Connections originating from trusted hosts do not require a password to be granted system access. If the host is not in /etc/hosts.equiv, the server checks the home directory of the user with the same user id as the user originating the connection for a file called .rhosts. The .rhosts file can contain a list of hosts from which a user can connect without entering a password. It is like hosts.equiv, but checked on a user basis rather than a global basis. If the host is not found in .rhosts, then the user is challenged for a password in order to execute the remote command.

The rsh command is extremely useful for performing system administration tasks, and launching parallel applications. However, it only allows the execution of a command on one other node. Many times you will want to execute a command on multiple nodes at a time. Typically, Beowulf users will write shell scripts that spawn multiple copies of rsh to do this work. We present one such script, called prsh in Section 6.4.4.
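
The order of the server's checks described above can be modeled as a small shell function for auditing which hosts would be granted passwordless access on a node. This is an added example, not code from the book or from in.rshd; it matches only the host field exactly, and the ROOT prefix, the function names, and the sample hosts and user are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: model of the rshd trust checks described above.
# Simplified: exact match on the host field only; port range as stated in the text.

# host_listed FILE HOST: succeed if a non-comment line of FILE starts with HOST.
host_listed() {
    [ -r "$1" ] || return 1
    awk -v h="$2" 'NF == 0 || $1 ~ /^#/ { next }
                   $1 == h { found = 1 }
                   END { exit !found }' "$1"
}

# rsh_decision SRC_PORT CLIENT_HOST USER [ROOT]
# ROOT (hypothetical) prefixes every path so a copy of a node's files can be audited.
rsh_decision() {
    port=$1 host=$2 user=$3 root=${4:-}
    # 1. Originating port must be numeric and privileged.
    case $port in ''|*[!0-9]*|??????*) echo reject; return 0 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 1024 ]; then
        echo reject; return 0
    fi
    # 2. Global trust list: any listed host gets in without a password.
    if host_listed "$root/etc/hosts.equiv" "$host"; then
        echo trusted-by-hosts.equiv; return 0
    fi
    # 3. Per-user trust list in the target user's home directory.
    home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' \
           "$root/etc/passwd" 2>/dev/null) || home=
    if [ -n "$home" ] && host_listed "$root$home/.rhosts" "$host"; then
        echo trusted-by-rhosts; return 0
    fi
    # 4. No trust entry matched: fall back to a password challenge.
    echo password
}

# Constructed sample tree (host and user names are made up).
make_sample_root() {
    r=$(mktemp -d) && mkdir -p "$r/etc" "$r/home/alice" || return 1
    printf 'alice:x:1000:1000::/home/alice:/bin/sh\n' > "$r/etc/passwd"
    printf '# cluster nodes\nnode01\nnode02\n' > "$r/etc/hosts.equiv"
    printf 'laptop.example.org\n' > "$r/home/alice/.rhosts"
    echo "$r"
}

sample=$(make_sample_root)
for h in node01 laptop.example.org other.example.org; do
    printf '%-20s %s\n' "$h" "$(rsh_decision 1022 "$h" alice "$sample")"
done
rm -rf "$sample"
```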

5.7.2 SSH The Secure Shell

The secure shell, SSH, is a set of security-conscious drop-in replacements for the BSD rsh, rlogin, and rcp commands. The SSH counterparts are ssh, slogin, and scp. The main problem with the BSD R commands is that they transmit passwords across the network in plain text, which makes it extremely easy to steal passwords. In addition, the use of .rhosts files tends to be a weak point in system security. Yet another problem is that the R commands have to be installed as suid root because they must open privileged ports on the client node. The R commands are more than adequate to use in an ostensibly secure environment, such as the internal nodes of a guarded Beowulf system (see Section 6.1.3), which are normally configured with their own private network. However, nodes exposed to the external world should only be allowed access via a secure mechanism such as SSH.

SSH is a commercial product developed by SSH Communications Security, Ltd.,