Lychee sytem
From MDWiki
Jump to navigationJump to search
ssh Hostbased Authentication
In order to make queue transfer data from and to cluster nodes (mango*) smoothly, ssh host based Authentication must be correctly setup.
- /etc/ssh/sshd_config on servers (actually everynodes & lychee) must have the following lines:
AllowUsers root *@mango* *@lychee*
HostbasedAuthentication yes IgnoreUserKnownHosts yes
- /etc/ssh/ssh_config on clients (mango* & lychee) must have:
Host * HostbasedAuthentication yes EnableSSHKeysign yes
- /etc/ssh/ssh_known_hosts2 stores protocol 2 ssh public keys, which can be obtained by:
ssh-keyscan -vt rsa mango02 >> /etc/ssh/ssh_known_host2
Different entries can share the same key, as long as the host machines use the same ssh_host_rsa_key key pairs(recommended).
- /etc/hosts.equiv stores all the possible hostname one in a line like
mango01 192.168.0.3 mango02 192.168.0.4 .... lychee lychee.md.smms.uq.edu.au 192.168.1.249 ...
- restart sshd server and it should work.
see also:
http://www.snailbook.com/faq/trusted-host-howto.auto.html
https://www.cs.uwaterloo.ca/twiki/view/CF/SSHHostBasedAuthentication