[Beowulf] passwordless rsh/ssh
Geoff Jacobs gdjacobs at gmail.com
Tue Jun 21 19:14:34 PDT 2005
Cheng, Kevin wrote:
> Dear all
>
> I manage to get rshd/rsh and ssh to work. I can rsh / ssh to myself
> localhost. I notice that I cannot log in as root via rsh and have to
> use a normal user account for rsh. Is this normal? Does it matter to
> MPICH whether it's root or not root passwordless login?
>
> When I ssh/rsh to another machine I have to use its IP address. How
> do I get around this so that I can rsh/ssh using hostname?
>
> I manage to get ssh passwordless to localhost, but not to other hosts.
> If I was using ssh, how would I configure MPICH-1 to use ssh instead
> of it using rsh by default?
>
> Did anyone know how to make rsh passwordless?
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Beowulf mailing list, Beowulf at beowulf.org
>To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
>
>

First, security considerations. Rsh has large security problems. It is
susceptible to both packet-sniff attacks and spoof attacks. Executing
such attacks is a trivial matter if the machine accepting rsh sessions
is not on a separate, trusted network. Any beowulf-style cluster using
rsh as the underlying protocol for MPICH or whatever must exist behind a
good firewall and have a trusted userbase.

If you wish to make rsh passwordless, create a file called .rhosts in
your home directory. If your username is fred and login/shell machine is
called bedrock, this file should contain a couple of lines formatted as
follows:

    localhost fred
    bedrock fred

This file must exist in your home directory for every machine where you
want passwordless rsh access.

Public key authenticated ssh is passwordless, but has few of the
problems of rsh. I believe most people, including yours truly, would
consider this method safe enough to be used on a public network.

In your $HOME/.ssh directory, create a file:

    cd ~/.ssh
    touch authorized_keys
    chmod 600 authorized_keys

If you have not generated an ssh keypair on your client, type

    ssh-keygen -t dsa

and follow the prompts. Then copy the private key into the
authorized_keys file:

    cat id_dsa.pub >> authorized_keys

On any machine where you want passwordless ssh logins, copy the
authorized keys file from your client into the ssh directory under your
home on the target machine.

    scp ~/.ssh/authorized_keys fred@target:~/.ssh/authorized_keys

Test the configuration by typing:

    ssh fred@target ls -l ~/.ssh

You should get output like

    total 2
    -rw------- 1 fred fred 601 Jun 13 18:27 /home/fred/.ssh/authorized_keys
    -rw-r--r-- 1 fred fred 1394 May 24 20:19 /home/fred/.ssh/known_hosts

without entering a password.

It is critical that permissions remain correct for your authorized_keys
file on the target machine. If they are not correct (i.e. someone borked
the umask), you may still be asked for a password. If the line in front
of authorized_keys in the above command does not read -rw-------, then type

    ssh fred@target chmod 600 ~/.ssh/authorized_keys

and use your password for the last time in this example.

-- 
Geoffrey D. Jacobs
MORE CORE AVAILABLE, BUT NONE FOR YOU.
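
The permission check described in the message above, as an added example that is not part of the original post: a small audit of the paths sshd inspects before it honours authorized_keys. It assumes sshd runs with StrictModes enabled (the OpenSSH default); the function names and the 700 mode on .ssh are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the paths sshd inspects before honouring authorized_keys.
# Assumption: StrictModes is on (OpenSSH default), so key authentication is
# refused when any of these paths is writable by group or others.

# Print the 10-character mode string (e.g. -rw-------) for one path.
mode_of() {
    ls -ldL "$1" | awk '{print substr($1, 1, 10)}'
}

# check_ssh_perms HOME_DIR
# Returns 0 when HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys
# all exist and none is group- or world-writable; returns 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        mode=$(mode_of "$path")
        # Character 6 is group write, character 9 is other write.
        gw=$(printf '%s' "$mode" | cut -c6)
        ow=$(printf '%s' "$mode" | cut -c9)
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "BAD      $mode $path"
            rc=1
        else
            echo "OK       $mode $path"
        fi
    done
    return $rc
}

# fix_ssh_perms HOME_DIR
# Applies 600 to authorized_keys as in the message, plus 700 on .ssh and
# no group/other write on the home directory (assumed safe defaults).
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Usage on the target machine: check_ssh_perms "$HOME" || fix_ssh_perms "$HOME"
```

Run it on the target machine rather than the client, since the permissions that matter are the ones sshd sees when the login arrives.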
