[GE users] SSH and host keys

crhea crhea at mayo.edu
Wed Feb 18 22:34:43 GMT 2009


> > You mean for parallel jobs, as you wrote "between" the nodes. Hence
> > all exec hosts must trust the other exec hosts.


Yes-- we're just starting to see real parallel jobs. Previously, we did have users who had jobs that created other jobs (so we had the exec host -> exec host trust already set up.)


> 
> <hostname>,<ip-addr>,<FQDN> ssh-rsa ...
> 

I didn't need to use host and FQDN (I did FQDN,IP ssh-rsa ...)

What does NOT work is password-less root access between nodes, but I think this is something specifically blocked by host-based-authentication.

What isn't clear is where in the SGE process things are running as root versus running as the actual user. Is (non-root)user->user SSH good enough for parallel jobs?

Also, FWIW, I set up our cluster to use rsh (so /etc/hosts.equiv has all the cluster nodes and submit hosts, etc). We're running CentOS 5 (RHEL 5) and here are the things I had to set up to allow passwordless SSH (for normal users) between cluster nodes:

1. Use /etc/hosts.equiv to gather the RSA keys (here's my quick little script that allows adding the FQDN/IP per Reuti's post):

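    # Start from an empty host list (-f: no error if the file is absent).
    rm -f /tmp/f.hosts
    while read -r a
    do
        if [ "$a" = localhost ]; then
            continue
        fi
        # The last field of the `host` output is the IP address.
        b=$(host "$a" | sed 's/^.* //')
        echo "$a,$b" >> /tmp/f.hosts
    done < /etc/hosts.equiv
    # Collect each node's RSA host key under its "FQDN,IP" name list.
    ssh-keyscan -t rsa -f /tmp/f.hosts | sort -n > /tmp/ssh_known_hosts

    cp /tmp/ssh_known_hosts /etc/ssh/ssh_known_hosts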

Copy this file (/etc/ssh/ssh_known_hosts) to all machines involved.

vi /etc/ssh/sshd_config
RhostsRSAAuthentication yes
HostbasedAuthentication yes

vi /etc/ssh/ssh_config
HostbasedAuthentication yes
# Add this line:
EnableSSHKeysign yes
StrictHostKeyChecking no

service sshd restart

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=109281
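
Added example, not part of the original post: a check to run on the gathered file before copying it to all machines. Because ssh-keyscan records whatever key each host presents, it flags hosts from the host list that have no entry, that lack a second (IP) name in the "FQDN,IP" list, or that appear with two different keys. The function names, hostnames, addresses and key strings are constructed for illustration.

```shell
#!/bin/sh
# audit_known_hosts HOSTS KNOWN (hypothetical helper, not from the post)
# Prints one finding per host; returns 0 when clean, 1 otherwise.
audit_known_hosts() {
    awk '
        FILENAME == ARGV[1] {              # pass 1: the known_hosts file
            if ($0 ~ /^[ \t]*#/ || NF < 3) next
            k = $2 " " $3                  # key type + key blob
            n = split($1, names, ",")      # "FQDN,IP" name list
            for (i = 1; i <= n; i++) {
                id = names[i]
                if ((id in key) && key[id] != k) conflict[id] = 1
                key[id] = k
                aliases[id] = n
            }
            next
        }
        # pass 2: the host list (hosts.equiv style, one name per line)
        /^[ \t]*#/ || NF == 0 || $1 == "localhost" { next }
        !($1 in key)     { print "MISSING " $1; bad = 1; next }
        ($1 in conflict) { print "CONFLICT " $1; bad = 1; next }
        aliases[$1] < 2  { print "NO-IP-ALIAS " $1; bad = 1 }
        END { exit bad }
    ' "$2" "$1"
}

# Constructed sample data: documentation-range IPs and fake key strings.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' localhost node1.example.org node2.example.org \
        node3.example.org node4.example.org > "$d/hosts"
    cat > "$d/known" <<'EOF'
node1.example.org,192.0.2.11 ssh-rsa CONSTRUCTED-KEY-A
node2.example.org ssh-rsa CONSTRUCTED-KEY-B
node3.example.org,192.0.2.13 ssh-rsa CONSTRUCTED-KEY-C
node3.example.org,192.0.2.13 ssh-rsa CONSTRUCTED-KEY-D
EOF
    audit_known_hosts "$d/hosts" "$d/known" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "findings listed above; resolve them before copying the file out"
```

On the cluster it would be run as audit_known_hosts /etc/hosts.equiv /tmp/ssh_known_hosts, before the cp step.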
