[Linux-cluster] anyone modified fence_mcdata to use ssh instead of telnet?
linux-cluster at merctech.com
Fri Apr 4 22:41:56 UTC 2008
Telnet is fundamentally insecure. We've known this for about 20 years. Finally,
network switches, fibre switches, appliances, etc., have begun to recognize this
truth. For example, the McData fibre switches give you the choice of telnet
(evil) or ssh (good). Note that this is a choice between them...you cannot have
both protocols enabled at once (at least not with the switch hardware and
firmware rev I'm using).

So, like a good sysadmin, I enable ssh on my McData Sphereon 4400. I can ssh
into the switch and configure it via the command line. Happiness. Unfortunately,
the fence_mcdata script assumes that the only way to connect to the switch is
via (evil) telnet.

Before I start hacking the fence_mcdata script...has anyone already modified
this to make it more secure? If not, this would be a simple product
enhancement (hint, hint).

Thanks,
Mark