Re: ssh-vs-rsh benchmark result
On Fri, Aug 30, 2002 at 09:15:42AM -0700, A.J. Rossini wrote:
>
> This depends on how exactly the ssh/rsh connection is being used. If it
> is to be used as the pipeline for sending data, you are entirely
> correct. This is not necessarily the case; PVM can be set to use its
> own communications setup, so that ssh is solely to initialize the
> remote node message passing servers.
>
Just to make clear, unencrypted/scarcely-authenticated communication is
normal for PVM and other parallel libraries. ssh is only a convenient
(.ssh/authorized_keys) way to start pvm. In principle you could set up port
forwarding tunnels between all nodes on the cluster and redirect each pvmd
into each of these tunnels. I've never seen it done, and don't take my word
for it that it's even possible, you'd probably need to set up a lot of
private addresses on each node since you can't control pvm's choice of port
numbers.

From the README.Debian for pvm:
...
Note that using ssh will not gain you much security as the inter-pvm
communications occur over an insecure link, and may be used to start remote
processes. If you're not doing parallel computation on a private network
(or at least behind a firewall) you are strongly urged to set up a "virtual
private network" using IPSEC, ssh/ppp tunnels, or another similar
technology.
...

Some channels to consider:

  parallel daemon setup   rsh/ssh
  launching jobs          inter-pvmd, in clear
  bulk communications     direct, process-process sockets (or inter-pvmd)
  file sharing            optional, PVM will run without a network filesystem,
                          but many parallel programs built on top of PVM
                          assume shared data, and it is a convenient transport
                          mechanism for your binaries. Most (like NFS) are in
                          the clear and not very secure against tampering
                          or unauthorized access.

The MPIs are similar, communicating between nodes in the clear. Job
launching is implementation specific (each mpirun), and might be done over
ssh/rsh, which would be a win due to the stronger authentication done over
an ssh channel (compared to PVM just trusting a command packet received
over the established inter-pvmd network).
In short, you should secure your entire network layer (physically, if
performance matters), and not rely on ssh to secure your parallel
communications. If you're using NFS, you've already decided you trust your
local network, and might as well get the full performance out of your
network without any extra authentication or encryption overhead.
--
Dr. Drake Diedrich, Head - IT and Communications Unit
John Curtin School of Medical Research, GPO Box 334 Canberra ACT 2601
Voice: +61(2)6125-2528 FAX: +61(2)6247-4823