RSH scaling problems...
Robert G. Brown
rgb at phy.duke.edu
Wed Dec 18 08:08:32 PST 2002
On Tue, 17 Dec 2002, Jeff Layton wrote:
> Jesse Becker wrote:
>
> > On Sun, 15 Dec 2002, Mike S Galicki wrote:
> >
> > > I believe the default pty's in 2.4.20 is 1024, but when I list /dev/pty
> > > I only see 256 entries. MAKEDEV -m 1024 didn't seem to do anything past
> > > 256.
> >
> > The default number of ptys is 254 in 2.4.x Linux kernels. This is
> > hardcoded, and you need a kernel recompile if you need more.
>
> The way it was explained to me is that the function rcmd(), which
> is invoked by rsh, attempts to gobble up two ports between 512 and
> 1024. Simple math: you can only EVER have 256 rshs running on a
> machine at the same time. It usually is a lot less than this since other
> programs are gobbling up some of these ports. (Courtesy of Dan Nurmi
> of Argonne).
> So, even if you patch the kernel to give you more than 256 ptys,
> you also need to patch rcmd() to use a wider range of ports (at least
> in theory).
> Any comments?
My standard comment is that everyone in the computing universe should
simply stop using rsh, period, ever, for anything, and start using its
nextgen replacement ssh instead.

It is difficult to convey in a short note all of the advantages of ssh
relative to rsh -- authentication, encryption, port management, resource
management, X forwarding, environment support and more. So read the man
page(s) instead.

It is marginally more "expensive" than rsh in system resources and
latencies associated with making a connection, but we're talking tenths
of seconds here, from my direct measurements, and that was some years
ago on slower machines AND included the use of bidirectional traffic
encryption. On a sandbox cluster LAN, one can of course NOT use
encryption in ssh and still realize all its benefits.

Many Universities and similar organizations, not being complete fools or
insensitive to the security risks associated with easily spoofed, easily
snooped protocols like telnet and rcp, have come to more or less require
ssh now that RSA patent issues seem to have disappeared, and have turned
off all telnet access throughout the organization.

The only significant bitch that I have with ssh these days is that the
openssh designers viewed a feature of rsh -- the ability to remotely
initiate a process and then disconnect, leaving the backgrounded process
still running with no tty -- as a "bug", and have made it much more
difficult to do this with ssh without the liberal use of .~ to forcibly
disconnect sessions. A relatively small price to pay, though, for its
many features.

rgb
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
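
Added example, not part of the original thread: a small Python check of the
port arithmetic quoted above (two reserved ports per rsh, drawn from 512-1023),
counting how many of those ports are already bound and how many rsh sessions
that leaves room for. The function names and the sample table are constructed
for illustration; the table follows the /proc/net/tcp column layout.

```python
"""Estimate how many more rsh sessions a host can start (added example)."""

RESV_LOW, RESV_HIGH = 512, 1023  # reserved-port range rcmd() draws from
PORTS_PER_RSH = 2                # per the thread: each rsh takes two ports

# Constructed sample in /proc/net/tcp layout: hex ADDR:PORT, then hex state.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 00000000:0202 00000000:0000 0A
   2: 00000000:0277 00000000:0000 0A
   3: 0100A8C0:03FF 0200A8C0:0202 01
   4: 0100A8C0:03FE 0200A8C0:03FD 01
   5: 0100A8C0:03FC 0300A8C0:0202 06
   6: 0100A8C0:8000 0200A8C0:0016 01
"""


def reserved_ports_in_use(proc_net_tcp_text):
    """Return the set of local ports in 512-1023 that appear in the table.

    Rows are counted whatever their state, so a socket lingering in
    TIME_WAIT (state 06) shows up as a used port too.
    """
    used = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)
        if RESV_LOW <= port <= RESV_HIGH:
            used.add(port)
    return used


def rsh_headroom(proc_net_tcp_text):
    """Number of additional rsh sessions the free reserved ports allow."""
    total = RESV_HIGH - RESV_LOW + 1
    free = total - len(reserved_ports_in_use(proc_net_tcp_text))
    return free // PORTS_PER_RSH


if __name__ == "__main__":
    print("reserved ports in use:", sorted(reserved_ports_in_use(SAMPLE)))
    print("rsh sessions still possible:", rsh_headroom(SAMPLE))
```

On a live Linux host the same functions can be fed the contents of
/proc/net/tcp instead of SAMPLE.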