Lychee sytem: Difference between revisions
From MDWiki
Jump to navigationJump to search
(New page: == ssh Hostbased Authentication == In order to make queue transfer data from and to cluster nodes (mango*) smoothly, ssh host based Authentication must be correctly setup. * faf) |
|||
| Line 2: | Line 2: | ||
In order to make queue transfer data from and to cluster nodes (mango*) smoothly, ssh host based Authentication must be correctly setup. | In order to make queue transfer data from and to cluster nodes (mango*) smoothly, ssh host based Authentication must be correctly setup. | ||
* | * /etc/ssh/sshd_config on servers (actually everynodes & lychee) must have the following lines: | ||
AllowUsers root *@mango* *@lychee* | |||
HostbasedAuthentication yes | |||
IgnoreUserKnownHosts yes | |||
* /etc/ssh/ssh_config on clients (mango* & lychee) must have: | |||
Host * | |||
HostbasedAuthentication yes | |||
EnableSSHKeysign yes | |||
* /etc/ssh/ssh_known_hosts2 stores protocol 2 ssh public keys, which can be obtained by: | |||
ssh-keyscan -vt rsa mango02 >> /etc/ssh/ssh_known_host2 | |||
Different entries can share the same key, as long as the host machines use the same ssh_host_rsa_key key pairs(recommended). | |||
* /etc/hosts.equiv stores all the possible hostname one in a line like | |||
mango01 | |||
192.168.0.3 | |||
mango02 | |||
192.168.0.4 | |||
.... | |||
lychee | |||
lychee.md.smms.uq.edu.au | |||
192.168.1.249 | |||
... | |||
* restart sshd server and it should work. | |||
Revision as of 02:40, 30 September 2008
ssh Hostbased Authentication
In order to make queue transfer data from and to cluster nodes (mango*) smoothly, ssh host based Authentication must be correctly setup.
- /etc/ssh/sshd_config on servers (actually everynodes & lychee) must have the following lines:
AllowUsers root *@mango* *@lychee*
HostbasedAuthentication yes IgnoreUserKnownHosts yes
- /etc/ssh/ssh_config on clients (mango* & lychee) must have:
Host *
HostbasedAuthentication yes
EnableSSHKeysign yes
- /etc/ssh/ssh_known_hosts2 stores protocol 2 ssh public keys, which can be obtained by:
ssh-keyscan -vt rsa mango02 >> /etc/ssh/ssh_known_host2
Different entries can share the same key, as long as the host machines use the same ssh_host_rsa_key key pairs(recommended).
- /etc/hosts.equiv stores all the possible hostname one in a line like
mango01 192.168.0.3 mango02 192.168.0.4 .... lychee lychee.md.smms.uq.edu.au 192.168.1.249 ...
- restart sshd server and it should work.
