On 19-06-2020 18:55, Mark Hahn wrote:
The host-based SSH authentication is a good idea, but only inside the
cluster's security perimeter, and one should not trust computers
external to the cluster nodes in this way.
Even more than that! Hostbased allows you to define intersecting sets of
asymmetric trust. For instance, usually symmetric trust among compute
nodes,
and they trust login nodes. But perhaps login nodes don't trust compute
nodes, but do trust each other. And admin nodes don't trust anyone, but
everyone trusts them. If you have "equivalent" clusters (same LDAP,
etc), then you might want login nodes of different clusters to trust
each other.
So how do you configure that? Let me guess that you configure
host-based SSH authentication on all nodes, but who trusts who is
configured in the /etc/ssh/shosts.equiv file? Do you have any
guidelines for how to configure such asymmetric trust?
The big win is that you entirely avoid the presence of private keys on
the cluster.
We've used this widely in ComputeCanada since about 2003.
/Ole
