[GE users] SSH and host keys

crhea crhea at mayo.edu
Thu Feb 19 16:23:29 GMT 2009

> root is different. This must be in ~/.shosts on each node, as root's  
> home is local on each node and handled in a special way for security  
> reasons. With RSH it was the same in the past. It might also be, that  
> PAM must be adjusted. For RSH it was necessary to comment out a line,  
> where it was set up that root must come from a local trusted TTY.

I always just do "mv /etc/securetty /etc/securetty.orig". 

> Yes, user's SSH is good enough.

Thank you-- that's a key piece of info.

> > vi /etc/ssh/sshd_config
> > RhostsRSAAuthentication yes
> The above is only for SSH-1 I think, hence it's not necessary to have  
> it set to yes.

Good to know. I never keep the SSH-1/SSH-2 stuff straight.

> > StrictHostKeyChecking no
> Even if you set StrictHostKeyChecking to yes, it should work as in  
> ssh_known_hosts the nodes are already listet - but for this you need  
> the hostname entry there. The automatic add vanished, when I added  
> the hostname to each line there.

Also good to know. I wasn't sure why you had the simple hostname and the FQDN in the list. I just always used the FQDN. You are correct in that it does get rid of the annoying automatic add messages.

> As you use SSH: you have workstations and no private network for the  
> cluster?

No, we have dedicated cluster nodes on a private network... the switch from rsh to ssh is being driven by a known issue with Solexa Pipeline code (that runs out of ports/ptys if you use rsh).

--- Cris


To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

More information about the gridengine-users mailing list