On Tuesday, 09 June 2020, at 15:26:36 (-0400), Prentice Bisbal wrote: > Host-based security is not considered as safe as user-based security, so > should only be used in special cases.
That's a pretty significant claim, and certainly one that would need to be backed up with evidence, references, etc. Especially given that, from a cryptographic perspective, there's no significant difference. The host keys are created, exchanged, and validated in essentially the same manner as the user keys. Plus, given that host-based authentication is set up and maintained by the system admin(s) (presumably) carefully and with no opportunity for users to "accidentally" introduce errors or flaws into their configurations, one can easily see a clear argument for the superiority of authenticating both host and user via a methodology possessing none of these flaws or opportunities for tragedy! :-) If your concerns are related to STIG compliance and/or other similar policy-based safeguards, remember that clusters are a unique case -- one in which there is no significant difference between "compromised cluster node" and "compromised cluster" (excepting the master/SMW/admin host, of course) -- and such blanket policies have *never* really made much sense in the HPC world. So while it may be a "bad idea" in general for hosts to trust each other, if the alternative is forceably maintaining unencrypted private keys (that's what passphraseless key pairs are, after all!) and relevant configuration stanza(s) per user to facilitate free intracluster SSHing, host-based authentication managed and maintained by the system's administrative staff *is*, unequivocally, a superior solution. And above all, remember the cardinal rule of security/insecurity claims: Sweeping generalizations about cybersecurity are ALWAYS WRONG! ;-) Michael -- Michael E. Jennings <m...@lanl.gov> HPC Systems Team, Los Alamos National Laboratory Bldg. 03-2327, Rm. 2341 W: +1 (505) 606-0605
