[GE users] SSH and host keys

reuti reuti at staff.uni-marburg.de
Wed Feb 18 16:13:31 GMT 2009


Am 18.02.2009 um 12:02 schrieb reuti:

> Am 16.02.2009 um 20:36 schrieb crhea:
>
>> I'm missing something here...
>>
>> Right now, I'm using RSH between the nodes. I have /root/.rhosts
>> and /etc/hosts.equiv set up to allow passwordless RSH.
>>
>> We've run into the issue of rsh reaching a number of ports limit
>> (discussed elsewhere in the SGE forums) and I'd like to look at
>> running SSH. I understand your ssh_known_hosts script, but I'm
>> unclear what system(s) this file needs to be populated-- The
>> master? The exec hosts?
>
> You mean for parallel jobs, as you wrote "between" the nodes. Hence
> all exec hosts must trust the other exec hosts.
>
> https://wiki.systemsx.ch/display/ITDOC/OpenSSH+hostbased
> +authentication+HOWTO
>
> This seems working up to the point, when SSH calls PAM. Then PAM
> denies access. I'm still looking to get it working. (For now I set it
> up with passphrase-less user based authentication which will also
> work in clusters [on sites where they need SSH as I on my own prefer
> the rsh/built-in method in a private cluster], but this has to be
> done for each user.)

I got it working now with the instructions mentioned above. Although  
I didn't change anything regarding PAM, it seems that the nodes must  
be in a special way in /etc/ssh/ssh_known hosts: it must contain all  
three values per line per host:

<hostname>,<ip-addr>,<FQDN> ssh-rsa ...

-- Reuti


>> The submission hosts?  Is this done for root only, or do I need to
>> pre-load something for
>> all user accounts too?
>
> The known_hosts file you have to implement for each user, or common
> in /etc/ssh/ssh_known_hosts.
>
> -- Reuti
>
>
>> I'm not understanding what hosts need to trust what...
>>
>> Thanks-
>>
>> --- Cris
>>
>> ------------------------------------------------------
>> http://gridengine.sunsource.net/ds/viewMessage.do?
>> dsForumId=38&dsMessageId=107494
>>
>> To unsubscribe from this discussion, e-mail: [users-
>> unsubscribe at gridengine.sunsource.net].
>
> ------------------------------------------------------
> http://gridengine.sunsource.net/ds/viewMessage.do? 
> dsForumId=38&dsMessageId=108867
>
> To unsubscribe from this discussion, e-mail: [users- 
> unsubscribe at gridengine.sunsource.net].

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=109066

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list