This configuration has been tested with openssh-4.3p2-29.el5.

Setup passwordless ssh login

Have a look at Secure Passwordless Logins with SSH.

On dulak-server

  • Download authorized_keys under /usr/local/bin, and:

    chmod ugo+rx /usr/local/bin/authorized_keys
  • for every user, as root, do:

    su - ${thisuser} -c /usr/local/bin/authorized_keys

Setup hashing of ssh_known_hosts file

Skip this step if installing workstation only.

See http://itso.iu.edu/Hashing_the_OpenSSH_known__hosts_File.

On "Golden Client"

  • as root, download generate_ssh_known_hosts.py,

  • generate ssh_known_hosts file based on "Golden Client" key:

    python generate_ssh_known_hosts.py /etc/ssh/ssh_host_rsa_key.pub > ssh_known_hosts
  • append dulak-server information:

    scp dulak-server:/etc/ssh/ssh_host_rsa_key.pub /tmp
    python generate_ssh_known_hosts.py --mode='server' /tmp/ssh_host_rsa_key.pub >> ssh_known_hosts
  • deploy hashing of ssh_known_hosts:

    ssh-keygen -H -f ./ssh_known_hosts
    rm -f ssh_known_hosts.old
    cp ssh_known_hosts /etc/ssh/
    rm -f ~/.ssh/known_hosts

    Add:

    HashKnownHosts yes
to /etc/ssh/ssh_config.

On dulak-server

Deploy hashing of ssh_known_hosts by:

rm -f ~/.ssh/known_hosts

and adding:

HashKnownHosts yes

to /etc/ssh/ssh_config.

Maintenance

To list an entry of hostname in ~/.ssh/known_hosts use:

ssh-keygen -v -F hostname

To delete hostname from ~/.ssh/known_hosts:

ssh-keygen -v -R hostname

Adding -f /etc/ssh/ssh_known_hosts will perform these operations on the specified file.

Go to installing and configuring batch system.

Niflheim: Building_a_Cluster_-_Tutorial/configuring_ssh (last edited 2010-11-04 13:01:16 by OleHolmNielsen)