Lychee system

From MDWiki

ssh Hostbased Authentication

For the queue to transfer data to and from the cluster nodes (mango*) smoothly, ssh host-based authentication must be set up correctly.

  • /etc/ssh/sshd_config on the servers (in practice every node and lychee) must contain the following lines:
  AllowUsers root *@mango* *@lychee*
  HostbasedAuthentication yes
  IgnoreUserKnownHosts yes
  • /etc/ssh/ssh_config on the clients (mango* & lychee) must contain:
  Host *
       HostbasedAuthentication yes
       EnableSSHKeysign yes
  • /etc/ssh/ssh_known_hosts2 stores the protocol 2 ssh public host keys, which can be obtained with:
  ssh-keyscan -vt rsa mango02 >> /etc/ssh/ssh_known_hosts2

Different entries can share the same key, as long as the host machines use the same ssh_host_rsa_key key pair (recommended).

  • /etc/hosts.equiv lists all the possible host names, one per line, like:
   mango01
   192.168.0.3
   mango02
   192.168.0.4
   ....
   lychee
   lychee.md.smms.uq.edu.au
   192.168.1.249
   ...
  • Restart the sshd server and it should work.
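
A common reason for host-based logins to fall back to passwords is a name or address in /etc/hosts.equiv that has no key line in /etc/ssh/ssh_known_hosts2. The script below is an added example, not part of the original page: the function names missing_keys and demo are hypothetical, and the sample files are constructed from the host names above with placeholder key strings.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check hosts.equiv
# against the system-wide known-hosts file.

# missing_keys EQUIV_FILE KNOWN_HOSTS_FILE
# Prints every name or address in EQUIV_FILE that has no key line in
# KNOWN_HOSTS_FILE. Hashed (|1|...) and wildcard host patterns are not
# matched; plain ssh-keyscan output without -H does not contain them.
missing_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        FILENAME == ARGV[1] {                    # first file: known hosts
            if ($1 == "@revoked") next           # a revoked key does not count
            hosts = ($1 ~ /^@/) ? $2 : $1        # step over @cert-authority
            n = split(hosts, names, ",")
            for (i = 1; i <= n; i++) known[names[i]] = 1
            next
        }
        !($1 in known) { print $1 }              # second file: hosts.equiv
    ' "$2" "$1"
}

# Constructed sample data using the host names from this page; the key
# strings are placeholders, not real keys.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hosts.equiv" <<'EOF'
mango01
192.168.0.3
mango02
192.168.0.4
lychee
EOF
    cat > "$dir/ssh_known_hosts2" <<'EOF'
# constructed entries
mango01,192.168.0.3 ssh-rsa PLACEHOLDERKEYAAAA
mango02 ssh-rsa PLACEHOLDERKEYAAAA
EOF
    missing_keys "$dir/hosts.equiv" "$dir/ssh_known_hosts2"
    rm -rf "$dir"
}

demo   # prints 192.168.0.4 and lychee, one per line
```

On a real node, run missing_keys /etc/hosts.equiv /etc/ssh/ssh_known_hosts2; empty output means every trusted name has a key entry.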

See also:

http://www.snailbook.com/faq/trusted-host-howto.auto.html

https://www.cs.uwaterloo.ca/twiki/view/CF/SSHHostBasedAuthentication

http://docs.hp.com/en/5992-4213/ch04s06.html