[Beowulf] problem of mpich-1.2.7p1
Mark Hahn
hahn at mcmaster.ca
Thu Feb 4 12:43:35 PST 2010
> simple instructions (or a link) on how to setup passwordless ssh
> through host based trust.
it's fairly simple. hosts need to know each other (ie, host keys in
/etc/ssh/ssh_known_hosts), and each machine needs a list of trusted
hosts in /etc/ssh/shosts.equiv. target machines need sshd_config
to contain "HostbasedAuthentication yes". source machines need ssh_config
to contain "EnableSSHKeysign yes" (I don't remember whether clients can
do this via "ssh -oEnableSSHKeysign=yes" or not.)
one nice thing about hostbased trust is that it can (and probably should be)
asymmetric. to be useful, compute nodes probably need to trust admin
and/or login nodes, but your login node doesn't have to trust compute nodes.
of course, you should never use this for machines you don't, well, "trust"
(such as random client machines outside your admin control...)
unencrypted public keys are very easy, and they work - the problem is that
it's like putting your password into a file called ".hacker.please.take" ;)
More information about the Beowulf
mailing list