[Beowulf] Re:passwordless rsh/ssh
Donald Kinghorn
kinghorn at pqs-chem.com
Thu Jun 23 08:10:42 PDT 2005
... you usually have to change a line in /etc/pam.d/rlogin to;
auth sufficient pam_securetty.so
by default it will be set to "required".
rsh and rlogin are usually under xinetd control so you also need to add the -h
flag on the server startup line to allow root rsh.
You should also restrict rsh and rlogin to your local cluster subnet with the
"only_from" option.
Here's my rsh file in /etc/xinet.d
service shell
{
socket_type = stream
protocol = tcp
flags = NAMEINARGS
wait = no
user = root
group = root
log_on_success += USERID
log_on_failure += USERID
only_from = 192.168.1.0/24
server = /usr/sbin/tcpd
server_args = /usr/sbin/in.rshd -haL
disable = no
}
You could also put restrictions in /etc/hosts.allow and deny since xinetd will
use tcp wrappers if it's configured
Best wishes
-Don
--
Dr. Donald B. Kinghorn Parallel Quantum Solutions LLC
http://www.pqs-chem.com
More information about the Beowulf
mailing list