6.5.4 SSH: Secure Shell Revisited
No matter how careful you are about restricting access to services through TCP Wrappers and firewalls, the bottom line is that you don't know how many networks and hosts are being traversed when a user logs into your Beowulf cluster. The easiest way to break into a system is to steal someone's password. You have little control over the quality of the passwords your users choose, but you can exercise some control to reduce the chances of those passwords being stolen. Traditional host access protocols such as FTP, Telnet, and RSH require passwords to be transmitted over the network in the clear (in unencrypted plain text). Although your local network may be secure, once packets leave your network, they travel through many other systems before reaching their ultimate destination. One of those systems may have had its security compromised. What a cracker usually does after breaking into a system is set up a program called a sniffer to monitor all network traffic, searching for passwords. When a user logs into a Beowulf from across the country, all of that user's keystrokes might be actively monitored by some sniffer in an intervening network. For this reason, it is highly recommended not to allow Telnet, FTP, or RSH access to your Beowulf. A universally accessible machine should disable these services on all of the nodes, while a guarded Beowulf should only disable the services on the worldly node.
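One way to check a node for the cleartext services named above and produce a configuration with them switched off. This is an added example, not from the book; it assumes the node starts these daemons from a classic inetd configuration file, where `shell` is the service name for RSH, and the helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Assumption: services are launched by inetd, one service per line, '#' = comment.
CLEARTEXT_SERVICES="telnet ftp shell"   # "shell" is inetd's name for rsh

# awk prelude shared by both helpers: load the names into bad[] and define
# active(), true for an uncommented line whose first field is a listed service.
AWK_PRELUDE='
BEGIN { n = split(svcs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
function active() { return NF > 0 && $1 !~ /^#/ && ($1 in bad) }'

# Read an inetd.conf on stdin; print each cleartext service still enabled.
list_cleartext() {
    awk -v svcs="$CLEARTEXT_SERVICES" "$AWK_PRELUDE"'
    active() { print $1 }'
}

# Read an inetd.conf on stdin; write it back with those services commented out.
disable_cleartext() {
    awk -v svcs="$CLEARTEXT_SERVICES" "$AWK_PRELUDE"'
    active() { print "#DISABLED# " $0; next }
    { print }'
}

# Constructed sample input (not taken from a real system).
sample_conf() {
cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
time    stream  tcp  nowait  root  internal
EOF
}

echo "Enabled cleartext services in the sample:"
sample_conf | list_cleartext
echo "Sample with those services disabled:"
sample_conf | disable_cleartext
```

On a real node, feed the helpers the node's own inetd configuration instead of `sample_conf`; inetd has to reread its configuration before an edited file takes effect.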
You clearly cannot turn off all possible ways to log in to your Beowulf, otherwise no one could use the machine. But you can use a new access method called SSH,[10] developed by a company in Finland, and intended to replace traditional remote login methods. SSH has become standard software at many Unix sites, and is quickly becoming standard on Beowulf systems. Many Beowulf clusters only allow system access via SSH. We highly recommend this setup because SSH encrypts all network communications between two endpoints, including the X Window protocol, eliminating the chance that your passwords or other information may be captured by an eavesdropper.
While there is much more to system security than we have presented, these tips should get you started. Beowulf systems can easily be made as secure as the policies of your institution require.
[10] SSH, or Secure Shell, is a product developed by SSH Communications Security Ltd., offering both Win32 and Unix versions. The Unix version is available as open source software and can be downloaded from http://www.ssh.fi/

 



How to Build a Beowulf: A Guide to the Implementation and Application of PC Clusters (Scientific and Engineering Computation)
ISBN: 026269218X
Year: 1999
Pages: 134
