Lychee sytem: Difference between revisions
From MDWiki
Jump to navigationJump to search
Line 33: | Line 33: | ||
* restart sshd server and it should work. | * restart sshd server and it should work. | ||
see also: | |||
http://www.snailbook.com/faq/trusted-host-howto.auto.html | |||
https://www.cs.uwaterloo.ca/twiki/view/CF/SSHHostBasedAuthentication | |||
http://docs.hp.com/en/5992-4213/ch04s06.html |
Revision as of 02:44, 30 September 2008
ssh Hostbased Authentication
In order to make queue transfer data from and to cluster nodes (mango*) smoothly, ssh host based Authentication must be correctly setup.
- /etc/ssh/sshd_config on servers (actually everynodes & lychee) must have the following lines:
AllowUsers root *@mango* *@lychee*
HostbasedAuthentication yes IgnoreUserKnownHosts yes
- /etc/ssh/ssh_config on clients (mango* & lychee) must have:
Host * HostbasedAuthentication yes EnableSSHKeysign yes
- /etc/ssh/ssh_known_hosts2 stores protocol 2 ssh public keys, which can be obtained by:
ssh-keyscan -vt rsa mango02 >> /etc/ssh/ssh_known_host2
Different entries can share the same key, as long as the host machines use the same ssh_host_rsa_key key pairs(recommended).
- /etc/hosts.equiv stores all the possible hostname one in a line like
mango01 192.168.0.3 mango02 192.168.0.4 .... lychee lychee.md.smms.uq.edu.au 192.168.1.249 ...
- restart sshd server and it should work.
see also:
http://www.snailbook.com/faq/trusted-host-howto.auto.html https://www.cs.uwaterloo.ca/twiki/view/CF/SSHHostBasedAuthentication http://docs.hp.com/en/5992-4213/ch04s06.html