[Beowulf] Regarding PASSWORDLESS ssh
akhtar Rasool
akhtar_samo at yahoo.com
Thu Aug 5 14:52:57 PDT 2004
Hi,
1. Is it necessary to have the UID 's of the users same for passwordless SSH.
2. passwordless ssh in Redhat linux 9 is achieved thru SSH v2, is it necessary.....
I m Completely blocked doing passwordless ssh, the method which i tried is given under kindly solve my problem otherwise the MPICH installation makes some problems plus i can't execute program on 2 or 3 or 4 nodes.......
METHOD FOR PASSWORDLESS SSH
Generate a key pair while logged in as the kuser user on the client computer using the ssh-keygen command:
ssh-keygen -b 1024 -f identity -P '' -t dsa
This ssh-keygen command creates a 1,024-bit (-b 1024) key pair called identity (-f identity) using the DSA algorithm (-t dsa). The private key is created with a null-passphrase (-P ''), which is important for automating the login process.
Next, transfer the public key to the server. You can do this through a variety of means. I'll use SCP:
scp identity.pub kuser@[ip.of.server]:~/identity-[ip.of.client].pub
This command transfers a file called identity.pub from the local client computer by logging in as kuser on the remote server, and creates a file called identity-[ip.of.client].pub on that remote host. I recommend using a naming convention such as identity-[ip.of.client].pub to prevent possibly overwriting any identity.pub file already on the server. For example, transferring the file from a client at 192.168.1.181 to a server located at 192.168.1.10 using SCP might look like:
scp identity.pub kuser at 192.168.1.10:~/identity-192.168.1.181.pub
You're prompted for the password for the kuser user on the remote host, and the file is transferred.
With the public key transferred to the server, log in to the server as the kuser user using SSH. You may be asked if you'd like to continue connecting to the server since the authenticity can't be verified. This is normal behavior the first time you connect to the SSH server. It's wise to verify the key fingerprint you receive, but in reality people usually just type "yes" to continue connecting.
Once on the server, use the command mkdir .ssh to create a .ssh directory within kuser's home directory, if one doesn't already exist, and place the contents of the identity-[ip.of.client].pub into a file called .ssh/authorized_keys:
cat identity-[ip.of.client].pub >> .ssh/authorized_keys
This command copies the contents of the public key from the client into a special file on the server side. Some Linux implementations create the file with the proper permission; others don't, so it's a good idea to verify the permission of this file on the server. It should be u+r or u+rw at most. If necessary, change the permission of the authorized_keys file on the server:
chmod 400 .ssh/authorized_keys
Run ls -l in the .ssh directory to double-check the permissions for the authorized_keys file, then log out of the server.
Now it's time to test the implementation. As the kuser user on the client, enter the command ssh [hostname/ip of server]. You should be logged in automatically without being prompted for a password. Congratulations!
Kindy solve my problem...........
Akhtar
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20040805/4e97600f/attachment.html>
More information about the Beowulf
mailing list