securing remote/distributed boxes

bruce badouglas at
Fri Dec 20 18:45:04 UTC 2013


Continuing a thread I've been posting on...

I've got a project where there will be a number of client boxes across
the net. The boxes will run a base Fedora/CentOS, and be used as
"compute" nodes if you will.

The boxes will need to connect back to the master server(s) to
exchange information.

The master service sends information out using a queuing process
(gearman/etc) and the child/client box gets the data, processes it,
and returns the data.

So, from the child/client side, the client box needs to be able to have
remote access to the master queue, via the tunnelling/port process.
This (at least to me) means I've got to have ssh running/ports open,
along with the ability to have pub/private keys so I can
programmatically access/shove data across the ssh tunnels.

The boxes need to be as locked down/secure as possible.

Other than ssh/internet access, and a few local apps/processes, most
of the other services can be shut down in order to make the box as
secure as possible.

The boxes will not have "users" accessing the box.

Think of the box, as a node on a BOINC/SETI kind of system, where a
bunch of edgenode boxes are used to do computational processing.

Thoughts/comments are welcome.

