[GE users] Use of "-i" argument to "sshd" in rsh_daemon/rlogin_daemon configuration

Jeroen Kleijer j.kleijer at chello.nl
Thu Jul 29 16:13:38 BST 2004


I ran into the exact same problem and the manual page of ssh told me the
-i option did the following:

"Specifies that sshd is being run from inetd(8).  sshd is normally not
run from inetd because it needs to generate the server key before it can
respond to the client, and this may take tens of seconds. Clients would
have to wait too long if the key was generated every time. However, with
small key sizes (e.g., 512) using sshd from inetd may be feasible."

So I think it has something to do with the timing of SGE and ssh.

Cheers,

Jeroen Kleijer

On Thu, Jul 29, 2004 at 01:28:10AM -0700, Greg Earle wrote:
> Can someone explain to me why it was suggested to use "-i" as an
> argument to "sshd" if one wants to use SSH instead of the customized
> NetBSD "rsh"/"rshd" combo that comes with Grid Engine 6.0?
> 
> I ran straight into a big problem with doing this - namely, if
> I want to be able to ssh to an exec host without needing a password,
> I trash the cluster hosts' entries in $HOME/.ssh/known_hosts,
> then run "qrsh hostname" (or whatever) to each of the exec hosts,
> in turn, and when SSH asks if it's OK to connect, I say "yes" and
> let the keys returned get added to $HOME/.ssh/known_hosts.  From
> then on, I can run Grid jobs without a password, but as soon as I
> want to run "ssh" from the command line outside of the Grid
> environment, I get complaints about mis-matched keys and possible
> man-in-the-middle attacks.
> 
> Should I consider the fact that I can get Grid jobs to be dispatched
> remotely without a password but command-line ssh commands get
> rejected to be a "security feature"?
> 
> Or is there something wrong in my key setup that causes the
> on-the-fly key generation (if I'm reading the "-i" switch
> documentation in the "sshd" man page right) to generate a different
> key than either what it "should be", or is the key that the
> ormally-running daemonized "sshd" using the "wrong" key, somehow?
> It appears that "sshd" will generate 768-bit keys of its own when it
> starts up, so I tried running "ssh-keygen" to generate all 3 sets of
> keys on a few hosts with 768-bit keys, copied them to
> /.ssh/authorized_keys, /.ssh/id_rsa et al., and the standard server
> directory (.../etc/ssh_host_rsa_key, etc.).
> 
> But it's still not working ...
> 
> Thanks,
> 
> 	- Greg
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> For additional commands, e-mail: users-help at gridengine.sunsource.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list