[GE users] SSH and host keys

[mhanby]

Thanks, I'd not used the ssh-keyscan utility, I may have to roll up an
automated task to do this in case a node gets reinstalled or a new node
is added.

-----Original Message-----
From: prentice [mailto:prentice at ias.edu] 
Sent: Monday, February 09, 2009 3:29 PM
To: users at gridengine.sunsource.net
Subject: Re: [GE users] SSH and host keys

prentice wrote:
> opoplawski wrote:
>> Anyone know how to avoid the following:
>>
>> $ qrsh -l idllic=1
>> The authenticity of host '[apollo.cora.nwra.com]:42115 
>> ([192.168.0.118]:42115)' can't be established.
>> RSA key fingerprint is
be:14:c6:b3:7e:23:48:57:71:c2:02:75:74:7e:f4:ec.
>> Are you sure you want to continue connecting (yes/no)?
>>
>> every time qrsh is run and the massive population of host keys it
causes?
>>
> 
> Use ssh-keyscan to pre-populate the key database on each system:
> 
> ssh-keyscan -t rsa,dsa -f /tmp/ssh_hosts | sort -n >
> /etc/ssh/ssh_known_hosts
> 
> rm /tmp/ssh_hosts
> 
> There's a man page for ssh-keyscan that can give you the full details.
I
> wrote a script to automate this on my cluster so that when I
re-install
> a new node, I don't need to worry about preserving the node's ssh keys
-
> I just update /etc/ssh/ssh_known_hosts by running the script after the
> install.
> 

This should be obvious but, I'll mention it anyway: /tmp/ssh_hosts is a
file you create yourself in advance containing the names of the hosts
you want in your known_hosts file.

-- 
Prentice

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessage
Id=103013

To unsubscribe from this discussion, e-mail:
[users-unsubscribe at gridengine.sunsource.net].

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=104158

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].