[slurm-users] ssh-keys on compute nodes?

Michael Jennings mej at lanl.gov
Wed Jun 10 03:28:55 UTC 2020


On Tuesday, 09 June 2020, at 15:26:36 (-0400),
Prentice Bisbal wrote:

> Host-based security is not considered as safe as user-based security, so
> should only be used in special cases.

That's a pretty significant claim, and certainly one that would need
to be backed up with evidence, references, etc.

Especially given that, from a cryptographic perspective, there's no
significant difference.  The host keys are created, exchanged, and
validated in essentially the same manner as the user keys.  Plus,
given that host-based authentication is set up and maintained by the
system admin(s) (presumably) carefully and with no opportunity for
users to "accidentally" introduce errors or flaws into their
configurations, one can easily see a clear argument for the
superiority of authenticating both host and user via a methodology
possessing none of these flaws or opportunities for tragedy! :-)

If your concerns are related to STIG compliance and/or other similar
policy-based safeguards, remember that clusters are a unique case --
one in which there is no significant difference between "compromised
cluster node" and "compromised cluster" (excepting the
master/SMW/admin host, of course) -- and such blanket policies have
*never* really made much sense in the HPC world.

So while it may be a "bad idea" in general for hosts to trust each
other, if the alternative is forcibly maintaining unencrypted private
keys (that's what passphraseless key pairs are, after all!) and
relevant configuration stanza(s) per user to facilitate free
intracluster SSHing, host-based authentication managed and maintained
by the system's administrative staff *is*, unequivocally, a superior
solution.

And above all, remember the cardinal rule of security/insecurity
claims:  Sweeping generalizations about cybersecurity are ALWAYS
WRONG! ;-)

Michael

-- 
Michael E. Jennings <mej at lanl.gov>
HPC Systems Team, Los Alamos National Laboratory
Bldg. 03-2327, Rm. 2341     W: +1 (505) 606-0605
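An added audit script for the arrangement the post argues for (admin-managed host-based trust instead of per-user passphraseless keys); it is not code from the thread or from Slurm. It reads the sshd_config and ssh_config directives that host-based authentication depends on, checks that the two admin-managed trust files exist, and runs against constructed files, so every path and sample value below is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: audit the OpenSSH settings that host-based
# authentication depends on. Paths are passed in so the checks run on constructed
# files. Only the global section is evaluated; Host/Match blocks are not resolved.

# Effective value of a keyword in an OpenSSH config: keywords are case-insensitive,
# "Key value" and "Key=value" are both accepted, and the FIRST occurrence wins, which
# is how ssh(1) and sshd(8) resolve duplicates. Prints nothing if the keyword is unset.
ssh_cfg_get() {  # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        { s = $0; sub(/^[ \t]+/, "", s); split(s, f, /[ \t=]+/) }
        tolower(f[1]) == key { print tolower(f[2]); exit }
    ' "$1"
}

# Server side: sshd_config plus the two admin-managed trust files. Prints each
# finding and returns 0 only when the node is set up as the post describes.
audit_hostbased_sshd() {  # $1 = sshd_config, $2 = shosts.equiv, $3 = ssh_known_hosts
    rc=0
    [ "$(ssh_cfg_get "$1" HostbasedAuthentication)" = yes ] ||
        { echo "sshd: HostbasedAuthentication must be yes"; rc=1; }
    # Default is yes; 'no' lets users extend trust themselves via ~/.shosts or ~/.rhosts.
    [ "$(ssh_cfg_get "$1" IgnoreRhosts)" != no ] ||
        { echo "sshd: IgnoreRhosts no hands trust decisions back to users"; rc=1; }
    # Only the admin-managed /etc/ssh/ssh_known_hosts should vouch for client host keys.
    [ "$(ssh_cfg_get "$1" IgnoreUserKnownHosts)" = yes ] ||
        { echo "sshd: IgnoreUserKnownHosts should be yes"; rc=1; }
    [ -s "$2" ] || { echo "shosts.equiv missing or empty: no trusted nodes listed"; rc=1; }
    [ -s "$3" ] || { echo "ssh_known_hosts missing or empty: node host keys unverifiable"; rc=1; }
    return $rc
}

# Client side (system ssh_config): ssh-keysign may only use the host key with EnableSSHKeysign.
audit_hostbased_ssh() {  # $1 = ssh_config
    rc=0
    [ "$(ssh_cfg_get "$1" HostbasedAuthentication)" = yes ] ||
        { echo "ssh: HostbasedAuthentication must be yes"; rc=1; }
    [ "$(ssh_cfg_get "$1" EnableSSHKeysign)" = yes ] ||
        { echo "ssh: EnableSSHKeysign must be yes"; rc=1; }
    return $rc
}

# Stand-alone demo on constructed files (assumed node name; the empty known_hosts is deliberate).
d=$(mktemp -d)
printf 'HostbasedAuthentication yes\nIgnoreUserKnownHosts yes\nIgnoreRhosts no\n' > "$d/sshd_config"
printf 'node01.cluster.example\n' > "$d/shosts.equiv"; : > "$d/ssh_known_hosts"
audit_hostbased_sshd "$d/sshd_config" "$d/shosts.equiv" "$d/ssh_known_hosts" || echo "demo node fails the audit"
rm -rf "$d"
```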
