[Beowulf] problem of mpich-1.2.7p1

Mark Hahn hahn at mcmaster.ca
Thu Feb 4 15:43:35 EST 2010


> simple instructions (or a link) on how to setup passwordless ssh
> through host based trust.

it's fairly simple.  hosts need to know each other (ie, host keys in
/etc/ssh/ssh_known_hosts), and each machine needs a list of trusted 
hosts in /etc/ssh/shosts.equiv.  target machines need sshd_config 
to contain "HostbasedAuthentication yes".  source machines need ssh_config 
to contain "EnableSSHKeysign yes" (I don't remember whether clients can 
do this via "ssh -oEnableSSHKeysign=yes" or not.)

one nice thing about hostbased trust is that it can (and probably should be)
asymmetric.  to be useful, compute nodes probably need to trust admin
and/or login nodes, but your login node doesn't have to trust compute nodes.
of course, you should never use this for machines you don't, well, "trust"
(such as random client machines outside your admin control...)

unencrypted public keys are very easy, and they work - the problem is that 
it's like putting your password into a file called ".hacker.please.take" ;)
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list