[Beowulf] RE:small distro for PXE boot, autostarts sshd?

David Mathog mathog at caltech.edu
Fri Feb 27 17:35:02 EST 2009


Thanks for all the feedback.  I will look at the tools you suggested
when I have more time.

FYI, here is a bit more info on PLD rescue and boel4.  In the end I
managed to coerce the latter into doing what I wanted, but not the former.  

For PLD there is some funny issue in 2.96 and 2.97 where the network
does not start during the normal boot (either by PXE or from CD), but
once the console comes up typing:

  /etc/init.d/network start

does bring up the network and sshd starts.  After that I was able to
connect via ssh (as root/pld).  Strange.  Of course my subnet is a
little strange - there is no DNS server since all the machines just use
hosts files.  A 5 year old version of PLD works as
desired when booted from a CD.  However, that one is old enough that it
might have problems recognizing modern hardware.

For boel4 it struck me as really odd that sshd wouldn't work, so I poked
and finally found all the problems.  There were a couple of issues:

1.  no dns server on subnet.  Solution, be sure the dynamic IP address
was included in the .../scripts/hosts file.  The sshd doesn't really
need to know its name, but the rcS script in boel4 insists on looking
one up - if the IP number isn't found either in hosts or dns it aborts
before ever getting to the user supplied script.

2.  sshd_config was set
PermitEmptyPasswords no
PasswordAuthentication no
(Note, PLD has a root password, but boel doesn't.  I may have said it
was the other way around in my first post.)

3.  the sshd start function from /etc/init.d/functions would
not start.  It is expecting things to be different than they are for
this application.  

So, to fix 2 and 3 I took out the key pieces of the sshd start script
and stuffed them into a minimal user boel script, placed right after the
normal section which says:

echo "Load additional filesystem drivers."
modprobe reiserfs
modprobe ext2
modprobe ext3
modprobe jfs
modprobe xfs

##############################################################
ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
mkdir -p /dev/pts
mount -t devpts none /dev/pts
mkdir -p /var/empty
cat >/etc/ssh/sshd_config <<EOD
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile     .ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
PasswordAuthentication yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
KeepAlive yes
Subsystem       sftp    /usr/lib/sftp-server
EOD
/usr/sbin/sshd

shellout
##############################################################

Now when the remote system PXE boots, with the default pxe configuration
set for boel4, and with the node assigned name "temp98.cluster" (or 
whatever other number it gets), and with the script above called 
"temp.master", the node comes up with sshd running, and one may
connect with:

  ssh 192.168.1.98

from root, without providing a password.  

The only remaining complication, and it is a minor one, is that since
the remote system has a new set of keys each time it boots, on the
client one must delete the previous key or it won't connect because it
thinks it sees a man in the middle attack.

Regards,

David Mathog
mathog at caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
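
Added example, not part of the original post: a shell check for the sshd_config combination the boot script above writes (PasswordAuthentication yes with PermitEmptyPasswords yes, plus PermitRootLogin yes), for verifying that such a rescue-image config has not leaked onto an installed node. The function name audit_sshd, the constructed sample inputs and the built-in defaults (current OpenSSH defaults) are assumptions of this example.

```shell
#!/bin/sh
# audit_sshd [FILE]: read an sshd_config (file or stdin), print findings,
# return 1 if any. sshd keywords are case-insensitive and the FIRST
# occurrence of a keyword wins, so a later "no" does not undo an earlier "yes".
# Limits: whitespace-separated "Keyword value" lines only, and only the
# global section (everything before the first Match block) is evaluated.
audit_sshd() {
    awk '
        BEGIN {                                   # assumed: current OpenSSH defaults
            v["passwordauthentication"] = "yes"
            v["permitemptypasswords"]   = "no"
            v["permitrootlogin"]        = "prohibit-password"
        }
        /^[ \t]*(#|$)/         { next }           # comments and blank lines
        tolower($1) == "match" { exit }           # global section ends here
        { k = tolower($1) }
        (k in v) && !(k in seen) { v[k] = $2; seen[k] = 1 }
        END {
            n = 0
            if (v["passwordauthentication"] == "yes" &&
                v["permitemptypasswords"] == "yes") {
                print "FINDING: accounts with an empty password can log in"; n++
                if (v["permitrootlogin"] == "yes") {
                    print "FINDING: root can log in if root has no password"; n++
                }
            }
            exit (n > 0)
        }
    ' "$@"
}

# Constructed input: the three relevant lines of the config written above.
rescue_cfg='PermitRootLogin yes
PermitEmptyPasswords yes
PasswordAuthentication yes'

# Constructed input: the later "no" is ignored because the first line wins.
shadowed_cfg='permitemptypasswords yes
PermitEmptyPasswords no'

# Constructed input: password logins off, so empty passwords cannot be used.
keyonly_cfg='PasswordAuthentication no
PermitEmptyPasswords yes'

printf '%s\n' "$rescue_cfg" | audit_sshd || echo "rescue-image settings flagged"
```

On an installed node, run it as: audit_sshd /etc/ssh/sshd_config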