Re: Question on SSH configuration in a cluster environment.

From: Richard E. Silverman (res_at_qoxp.net)
Date: 01/17/04

  • Next message: Nico Kadel-Garcia: "Re: Question on SSH configuration in a cluster environment."
    Date: 17 Jan 2004 14:03:36 -0500
    
    

    >>>>> "KL" == Kyler Laird <Kyler@news.Lairds.org> writes:

    >> b. Copy the /usr/local/etc/ssh* and /usr/local/ssh files from the
    >> current node, onto the secondary node.

        KL> Sounds like a winner. If everything is configured identically so
        KL> that a failover can occur easily, why not have ssh look the same
        KL> too?

    Because now it is impossible for SSH to tell the difference between these
    hosts in *any* situation, not just when users are connecting to the
    clustered service. In other words, when someone does "ssh cluster," they
    simply want to be assured that they are logging into one of the cluster
    machines -- which the solution given here allows:

    http://groups.google.com/groups?&threadm=m1l1ylwuijr.fsf%40sys1.des.jhy.us.ml.com

    However, if a sysadmin does "ssh cluster-member-1", he wants to be assured
    he's actually logging into that box. Giving them all the same key defeats
    that ability; if one box is compromised, they can all be spoofed.

    -- 
      Richard Silverman
      res@qoxp.net
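
An added example, not part of the original post: a check for the condition described above, where one host key is accepted for more than one cluster member in a known_hosts file. The function names, the sample file contents, and the per-host layout shown are assumptions made for illustration; the layout is not taken from the linked post.

```python
import base64
import hashlib
import hmac
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed known_hosts samples; key blobs are placeholders, not real keys.
COPIED_KEYS = """\
# host key files copied from node 1 to node 2
cluster,cluster-member-1,cluster-member-2 ssh-rsa AAAA-constructed-key-1
"""
PER_HOST_KEYS = """\
# the service name accepts either member's key; each member keeps its own
cluster,cluster-member-1 ssh-rsa AAAA-constructed-key-1
cluster,cluster-member-2 ssh-rsa AAAA-constructed-key-2
@revoked * ssh-rsa AAAA-constructed-old-key
"""

def entry_covers(pattern, host):
    """True if one entry of a known_hosts host field matches `host`."""
    if pattern.startswith("|1|"):  # hashed name: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return fnmatchcase(host, pattern)  # literal name or * / ? wildcard

def members_sharing_keys(known_hosts_text, members):
    """Return {(keytype, key): [members]} for keys accepted for 2+ members."""
    accepted = defaultdict(set)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, short lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        patterns = fields[0].split(",")
        negated = [p[1:] for p in patterns if p.startswith("!")]
        positive = [p for p in patterns if not p.startswith("!")]
        for host in members:
            if any(entry_covers(p, host) for p in negated):
                continue
            if any(entry_covers(p, host) for p in positive):
                accepted[(fields[1], fields[2])].add(host)
    return {k: sorted(v) for k, v in accepted.items() if len(v) > 1}

if __name__ == "__main__":
    nodes = ["cluster-member-1", "cluster-member-2"]
    for label, text in (("copied", COPIED_KEYS), ("per-host", PER_HOST_KEYS)):
        print(label, members_sharing_keys(text, nodes) or "no shared keys")
```

An empty result means every listed member name is bound to a key no other member shares, so "ssh cluster-member-1" can still be told apart from its peers.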
    
