That's fine, if you've got SSH on the system doing the logging in. And
if you have ROOM on the terminal box to have the Openssh installed (on
the 6.2 Linux box I'm talking about, the free space is 1.2 Meg... even
/var/log fills up. If I hadn't put it on a different partition, I would
be in trouble.) This system was literally scavenged from the trash pile
to make a new useful workstation terminal; in that case, with it being
a P133, I felt lucky to have it at all, so I didn't quibble over the
teeny harddrive; it filled a need for an extra workdesk for $0.
Openssh doesn't run on the supercomputer (which needs to make the
connection)
properly. >SSH< doesn't interact properly with Veritas; it demands rsh
(hardcoded
somewhere, grumble), and is expensive to boot. So I'm out-of-luck
>ON THAT MACHINE< running it. Note, a 7.0 box works with great
with OpenSSH using RhostAuthentication mode. It literally is just a quirk
of that particular Veritas client in my particular setup. In my case,
rsh IS the solution FOR THAT CONNECTION... and only that one.
I have SSH (actually, OpenSSH) installed on every one of my machines that
I could get the client to compile on. I have the latest and greatest
on all of those. So I DO use OpenSSH... but there are cases where it's
NOT the answer to the question.
What I'm saying is, give the guy BOTH sides... tell him he probably REALLY
wants to use OpenSSH (True... as I said, 95% of the time, that IS the right
answer). But also, don't tell him "You NEVER want to do something else",
which can be a garbage response... after all, what if the guy is building
a Beowulf? SSH is great in some domains; you can sometimes justify the
overhead of SSH in some environments, but sometimes, when the messages
for IPC are small and frequent, and it's a closed network, true Beowulf,
it makes sense to me to save that 3-4% of CPU usage and go with the lighter
weight rsh protocol; there's less overhead, and you're only talking about
compute nodes to head communications. Some Beowulfs use ssh, true; some
just can't justify it based on their problem domain.
Bill Ward
-----Original Message-----
From: Thornton Prime [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 09, 2001 11:50 AM
To: [EMAIL PROTECTED]
Subject: RE: root remote login
On Mon, 9 Apr 2001, Ward William E DLDN wrote:
> Openssh doesn't work for this properly for various reasons; logging in as
> a different user and su'ing is fine for sysadmin duties, but doesn't work
> for automated logins... so my choice is to modify my config files to
> allow root logins.
Maybe I'm missing something, but SSH Doesn't work for automated logins?
SSH supports three automated login modes.
1. RhostsAuthentication.
SSH was designed to work as a drop in replacement for rsh, and can even
support RSH rhosts file authentication.
2. RhostsRSAAuthentication
Register your client key on the server, then use ssh as you would rsh,
except you aren't victim to lame DNS spoofing attacks.
3. RSAAuthentication/PubkeyAuthentication
Generate a user key, register it on the server. This is the most secure
of the three automated login methods.
man sshd for more information.
SSH supports root logins by password, by key only, or by key only with
non-interactive command. The last method is ideal for backup operations.
It sounds like you have taken suitable precautions to make sure that rsh
won't destroy your life. Please note, though, that ssh is designed to be a
drop in replacement for rsh -- and many will even symlink ssh to rsh.
I'm not going to tell you that you *have* to use ssh instead of rsh, but I
have yet to see a situation where rsh or telnet was a better choice over
ssh.
thornton
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
