[GE users] Use of "-i" argument to "sshd" in rsh_daemon/rlogin_daemon configuration

Greg Earle earle at isolar.DynDNS.ORG
Thu Jul 29 09:28:10 BST 2004


Can someone explain to me why it was suggested to use "-i" as an
argument to "sshd" if one wants to use SSH instead of the customized
NetBSD "rsh"/"rshd" combo that comes with Grid Engine 6.0?

I ran straight into a big problem with doing this - namely, if
I want to be able to ssh to an exec host without needing a password,
I trash the cluster hosts' entries in $HOME/.ssh/known_hosts,
then run "qrsh hostname" (or whatever) to each of the exec hosts,
in turn, and when SSH asks if it's OK to connect, I say "yes" and
let the keys returned get added to $HOME/.ssh/known_hosts.  From
then on, I can run Grid jobs without a password, but as soon as I
want to run "ssh" from the command line outside of the Grid
environment, I get complaints about mis-matched keys and possible
man-in-the-middle attacks.

Should I consider the fact that I can get Grid jobs to be dispatched
remotely without a password but command-line ssh commands get
rejected to be a "security feature"?

Or is there something wrong in my key setup that causes the
on-the-fly key generation (if I'm reading the "-i" switch
documentation in the "sshd" man page right) to generate a different
key than either what it "should be", or is the key that the
ormally-running daemonized "sshd" using the "wrong" key, somehow?
It appears that "sshd" will generate 768-bit keys of its own when it
starts up, so I tried running "ssh-keygen" to generate all 3 sets of
keys on a few hosts with 768-bit keys, copied them to
/.ssh/authorized_keys, /.ssh/id_rsa et al., and the standard server
directory (.../etc/ssh_host_rsa_key, etc.).

But it's still not working ...

Thanks,

	- Greg


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list