Re: ssh-vs-rsh benchmark result

To: debian-beowulf@lists.debian.org
Subject: Re: ssh-vs-rsh benchmark result
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Wed, 28 Aug 2002 20:32:56 -0300
Message-id: <[🔎] 20020828233256.GC13090@cordes.phys.dal.ca>
Mail-followup-to: debian-beowulf@lists.debian.org
In-reply-to: <[🔎] 20020828150443.GC30967@dague.net>
References: <[🔎] 20020826155030.3b5681b9.dancer@netfort.gr.jp> <[🔎] 20020826141248.GL73768@terizla.org> <[🔎] 20020827183710.5e22ef4f.dancer@netfort.gr.jp> <[🔎] 20020828150443.GC30967@dague.net>

On Wed, Aug 28, 2002 at 11:04:43AM -0400, Sean Dague wrote:
> On Tue, Aug 27, 2002 at 06:37:10PM +0900, Junichi Uekawa wrote:
> > ... and for a 0.1-second computing task of obtaining the load average
> > of hosts, running through 1000 computer nodes, it will make a big
> > difference.
> 
> But in that case why are you using ssh or rsh for that purpose, when
> something like ganglia or pcp will provide you that information nearly
> continuously with very little overhead.

 You never know when you might want to run something on all hosts.  It's
useful to have the capability of doing it quickly.  You might not make use
of it often, so it might not be all that useful, but rsh has non-zero utility.

 rsh is totally insecure against someone who is on the same ethernet segment
as you, so if someone sneaks into your computer room and attaches a wireless
LAN (802.11b) hub to your network, they could log into your machines, from a
laptop, while they sit outside your building).  This is an unlikely attack,
unless there is sensitive data on your computers.  Other than copying your
data, or (more insidiously) corrupting it to make your calculations give
incorrect results, there is little to gain by such an attack.  There is also
a large chance of getting caught (compared with remote attacks over the
Internet), since someone would have to physically break into your room.
That probably limits the suspects to students at your university, or
employees at your company, or personnel on your military base, etc.

 If that sort of attack is not a big concern, then it is probably worth it
to have rsh set up.

 Also, nobody has pointed out some of the things you can do with ssh that
you can't do with rsh.  With ssh, you can create a keypair, and put the
public key in the authorized_keys file on any host you want to be able to
log in to using the private key.  The cool part is that you can limit that
key to running only a certain command.  The advantage is that you can
automate tasks that need root on remote machines without allowing
passwordless root shell logins in general.  Read more in 
sshd(8): AUTHORIZED_KEYS FILE FORMAT.

 One advantage of always using ssh is that you get used to using it, so you
don't so much time trying to remember its quirks when you need to log in
over an insecure network (so you can't use the more familiar rsh).  This
applies more to using scp instead of ftp, because ssh by itself is pretty
much identical to rsh, and not very quirky :)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

Follow-Ups:
- Re: ssh-vs-rsh benchmark result
  - From: Dale Southard <southard1@llnl.gov>

References:
- ssh-vs-rsh benchmark result
  - From: Junichi Uekawa <dancer@netfort.gr.jp>
- Re: ssh-vs-rsh benchmark result
  - From: Rob Latham <rob@terizla.org>
- Re: ssh-vs-rsh benchmark result
  - From: Junichi Uekawa <dancer@netfort.gr.jp>
- Re: ssh-vs-rsh benchmark result
  - From: Sean Dague <sean@dague.net>

Prev by Date: Re: ssh-vs-rsh benchmark result
Next by Date: Re: ssh-vs-rsh benchmark result
Previous by thread: Re: ssh-vs-rsh benchmark result
Next by thread: Re: ssh-vs-rsh benchmark result
Index(es):
- Date
- Thread