[GE users] SSH and host keys
crhea at mayo.edu
Wed Feb 18 22:34:43 GMT 2009
> > You mean for parallel jobs, as you wrote "between" the nodes. Hence
> > all exec hosts must trust the other exec hosts.
Yes-- we're just starting to see real parallel jobs. Previously, we did have users who had jobs that created other jobs (so we had the exec host -> exec host trust already set up.)
> <hostname>,<ip-addr>,<FQDN> ssh-rsa ...
I didn't need to use host and FQDN (I did FQDN,IP ssh-rsa ...)
What does NOT work is password-less root access between nodes, but I think this is something specifically blocked by host-based-authentication.
What isn't clear is where in the SGE process things are running as root versus running as the actual user. Is (non-root)user->user SSH good enough for parallel jobs?
Also, FWIW, I set up our cluster to use rsh (so /etc/hosts.equiv has all the cluster nodes and submit hosts, etc). We're running CentOS 5 (RHEL 5) and here are the things I had to set up to allow passwordless SSH (for normal users) between cluster nodes:
1. Use /etc/hosts.equiv to gather the RSA keys (here's my quick little script that allows adding the FQDN/IP per Reuti's post):
while read a
if [ "$a" = localhost ]; then
b=`host $a | sed 's/^.* //'`
echo "$a,$b" >> /tmp/f.hosts
done < /etc/hosts.equiv
ssh-keyscan -t rsa -f /tmp/f.hosts | sort -n > /tmp/ssh_known_hosts
cp /tmp/ssh_known_hosts /etc/ssh/ssh_known_hosts
Copy this file (/etc/ssh/ssh_known_hosts) to all machines involved.
EnableSSHKeysign yes # Add this line
service sshd restart
To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
More information about the gridengine-users