The systemwide configuration file /etc/ssh2/sshd2_config had to be edited so as to allow
So, this is exactly what I have done:
On my linux machine
1.) No changes in the /etc/ssh/*_config files neccessary.
2.) remove old .ssh-stuff:
3.) generate new openssh public/privat key pair ( I took dsa-type and 2048 bit length here, other values might as well work):
$ ssh-keygen -t dsa -b 2048
take default paths
no passphrase (type <enter> twice).
cd to newly generated .ssh-directory
should list at least the files
4.) export newly generated pair of keys to ssh.com format:
$ ssh-keygen -e -f id_dsa > id_dsa_2048_b
$ ssh-keygen -e -f id_dsa.pub > id_dsa_2048_b.pub
5.) append public key to list of authorized keys:
On my TRU64 machine:
$ cat id_dsa.pub > authorized_keys
6.) Look up /etc/ssh/sshd2_config
> more /etc/ssh2/ssh2d.config
There has to be a line saying something like
If this line is NOT commented out, everything should be Ok. If not, ask your system-administrator to change it. In my opinion publickey-auth is much saver than
hostbased, but that may be a matter of taste.
7.) remove old .ssh2-stuff (ssh.com configuration files)
8.) generate new commercial ssh-key pair:
> ssh-keygen2 -t dsa -b 2048
again, take default paths and choose no passphrase (otherwise you will be asked each time you log in, which is not want I wanted...)
9.) copy the two openssh-keys which you transformatted in step 4.) to pwd.
> cp ../.ssh/id_dsa_2048_b* .
10.) Add public keys to list of authorized keys and privat keys to list of
> echo Key id_dsa_2048_a.pub > authorization
> echo Key id_dsa_2048_b.pub >> authorization
> echo IdKey id_dsa_2048_a > identification
> echo IdKey id_dsa_2048_b >> identification
11.) Import commercial pair of keys in ~/.ssh:
$ cd .ssh
$ ssh-keygen -i -f ../.ssh2/id_dsa_2048_a > id_dsa_b
$ ssh-keygen -i -f ../.ssh2/id_dsa_2048_a.pub > id_dsa_b.pub
12.) Add new public key to list of authorized keys:
$ cat id_dsa_b.pub >> authorized_keys
That should do it. Maybe some steps are unnecessary, but this worked for me. Now I can finally run mpi on our cluster