Hi Ole, Ole Holm Nielsen <ole.h.niel...@fysik.dtu.dk> writes:
> Hi Loris, > > On 5/27/21 8:19 AM, Loris Bennett wrote: >> Regarding keys vs. host-based SSH, I see that host-based would be more >> elegant, but would involve more configuration. What exactly are the >> simplification gains you see? I just have a single cluster and naively I >> would think dropping a script into /etc/profile.d on the login node >> would be less work than re-configuring SSH for the login node and >> multiple compute node images. > > IMHO, it's really simply to setup hostbased SSH authentification: > https://wiki.fysik.dtu.dk/niflheim/SLURM#host-based-authentication Your explanation is very clear, but it still seems like quite a few steps with various gotchas, like the fact that, as I understand it, shosts.equiv has to contain all the possible ways a host might be addressed (short name, long name, IP). > This is more secure on Linux clusters, and you don't need to configure users' > SSH keys, so it requires less configuration for the sysadmin in the long run. It is not clear to me what the security advantage is and setting up the keys it just one script in /etc/profile.d. Regarding the long term, the keys which were set up on our old cluster were just migrated to the new cluster and still work, so it is also a one-time thing. I assume I must be missing something. Cheers, Loris -- Dr. Loris Bennett (Hr./Mr.) ZEDAT, Freie Universität Berlin Email loris.benn...@fu-berlin.de
