[GE users] SSH and host keys
crhea at mayo.edu
Thu Feb 19 16:23:29 GMT 2009
> root is different. This must be in ~/.shosts on each node, as root's
> home is local on each node and handled in a special way for security
> reasons. With RSH it was the same in the past. It might also be, that
> PAM must be adjusted. For RSH it was necessary to comment out a line,
> where it was set up that root must come from a local trusted TTY.
I always just do "mv /etc/securetty /etc/securetty.orig".
> Yes, user's SSH is good enough.
Thank you-- that's a key piece of info.
> > vi /etc/ssh/sshd_config
> > RhostsRSAAuthentication yes
> The above is only for SSH-1 I think, hence it's not necessary to have
> it set to yes.
Good to know. I never keep the SSH-1/SSH-2 stuff straight.
> > StrictHostKeyChecking no
> Even if you set StrictHostKeyChecking to yes, it should work as in
> ssh_known_hosts the nodes are already listet - but for this you need
> the hostname entry there. The automatic add vanished, when I added
> the hostname to each line there.
Also good to know. I wasn't sure why you had the simple hostname and the FQDN in the list. I just always used the FQDN. You are correct in that it does get rid of the annoying automatic add messages.
> As you use SSH: you have workstations and no private network for the
No, we have dedicated cluster nodes on a private network... the switch from rsh to ssh is being driven by a known issue with Solexa Pipeline code (that runs out of ports/ptys if you use rsh).
To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].
More information about the gridengine-users