LinuxQuestions.org
Old 02-17-2008, 06:37 PM   #1
Stevie-B-242
LQ Newbie
 
Registered: Oct 2005
Posts: 9

Rep: Reputation: 0
Quickest Way to Setup Password-less SSH in a Cluster


I'm a relative Linux newbie and am setting-up a small Linux cluster with the compute nodes running RHEL5 (non-ROCKS).

This is in a lab environment and is completely cut-off from the outside world so I am not all that worried about security (...one needs physical access to the cluster area to interact with the nodes, therefore feel free to propose a solution which would be considered too unsecured for most enterprise deployments...I'm just looking for the quickest way to get to the desired end result %-)

The nodes do not share any portion of their file structure.

I need to setup SSH so that I can move between nodes without being prompted for a password.

I've done some reading on setting-up a host-based authentication scheme based on a list of public keys and this sounds like an OK solution but I just need a quick and easy way to:
-------------------------------------------
* generate a hosts file to all nodes
* generate and "harvest" the minimum number of necessary keys
* create the file which references the necessary keys
* distribute the necessary files to all the nodes

I thought I might be able to use something like pdsh to make this whole task quick and efficient but I think this poses a Catch-22 situation (...I want to use pdsh to setup password-less SSH but pdsh requires password-less SSH to be already setup).

...even as I'm writing this, I fear I am going about all of this the wrong way (...I have a relatively low-horsepowered brain and I therefore tend to naturally do things in the most inefficient and backwards sort of way possible :-(

...anyway...I'm hoping that someone out there knows of a much quicker and straight-forward way to setup this basic kind of functionality in a Linux cluster.

Thanks in advance for any help you can offer me in this endeavor!

--Steve
 
Old 02-17-2008, 08:40 PM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
http://suso.org/docs/shell/ssh.sdf
... scroll down to the bit about ssh-agent.
 
Old 02-17-2008, 08:56 PM   #3
Stevie-B-242
LQ Newbie
 
Registered: Oct 2005
Posts: 9

Original Poster
Rep: Reputation: 0
...thanks for the link to further information.

One follow-up question though; Will ssh-agent work for my situation if I am not using X Windows?

Here's what I see when I attempt to use ssh-agent:

[root@C1-HSM ~]# ps auxw |grep ssh-agent
root 3183 0.0 0.0 4296 500 ? Ss Feb16 0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients
root 3922 0.0 0.0 3888 688 pts/1 S+ 18:52 0:00 grep ssh-agent
[root@C1-HSM ~]#
[root@C1-HSM ~]#
[root@C1-HSM ~]# ssh-add
Could not open a connection to your authentication agent


--Steve
 
Old 02-17-2008, 10:45 PM   #4
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
From ssh man page:
Quote:
The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program
If you don't start an X session then you need to start ssh-agent as part of the normal login session.

Basically, you know how you do things. RHEL server should have this setup anyway, but you may not have a standard install.

Quote:
# ssh-add
Could not open a connection to your authentication agent
This basically says that ssh-add could not add any keys because it does not know where to connect to ssh-agent. Using the eval command fixes this problem:
$ eval `ssh-agent`

Read through the man pages - it's what you need and nerve-wrackingly easy to use.

Last edited by Simon Bridge; 02-17-2008 at 10:53 PM.
 
Old 02-20-2008, 05:04 PM   #5
J_BOO
LQ Newbie
 
Registered: Dec 2007
Posts: 6

Rep: Reputation: 0
Not sure how you image/install your nodes. I have used systemimager to clone nodes. On the "golden image" we just have the authorized_keys and id_dsa key already in /root/.ssh/. So once the node is imaged it is already set up for passwordless ssh. I imagine you could do the same with a post script in kickstart.
 
Old 02-20-2008, 06:15 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
If you ssh into each node manually, you will be building up a known-hosts file. You could then use that info to make the authorized-keys file used for key based authentication.
 
Old 05-10-2012, 05:49 AM   #7
arikl
LQ Newbie
 
Registered: May 2012
Posts: 1

Rep: Reputation: Disabled
pdsh passwordless login

I came across the same problem...
I built a shell script that takes all hosts as arguments and stores your source machine key on them.
After doing so you will be able to log in without a prompt (that solved all password prompts for me except one that I'm still trying to solve...)

You MUST run this script from root directory!

This is the shell script code:


Code:
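#!/bin/sh

# Uncomment the following line if you want to generate a new key on the source machine - not recommended!
# ssh-keygen -t rsa

# Run from the directory that contains .ssh/id_rsa.pub.
# ssh does not accept a password inside the user@host argument; it prompts
# for the destination host password on each connection.
for host in "$@"
do
  # Create the .ssh directory on the destination host
  ssh "root@$host" 'mkdir -p .ssh'
  # Append the source machine's public key to the destination's authorized_keys
  cat .ssh/id_rsa.pub | ssh "root@$host" 'cat >> .ssh/authorized_keys'
done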
The use is as follows:
root@somehost~# loop_auth.sh host1 host2 host3

The bad side of this method is that you need to enter the password for all hosts manually using this tool.
But once finished, you can use pdsh without the need to prompt for passwords.

Hope it helps you...

Last edited by arikl; 05-10-2012 at 05:51 AM.
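
Added example (not part of arikl's post, and not OpenSSH's own ssh-copy-id): a variant of the loop above that is safe to re-run, because it appends the key only when it is missing and sets 700/600 permissions that satisfy sshd's StrictModes check. The names REMOTE_INSTALL, install_key_local and push_key are assumptions made for this example, and root's shell on the nodes is assumed to be sh-compatible.

```shell
#!/bin/sh
# Script executed on the destination side. It reads ONE public key line on
# stdin. Exit status: 0 = key added, 1 = key already present, 2 = refused/error.
REMOTE_INSTALL='
umask 077
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || exit 2
auth=$HOME/.ssh/authorized_keys
touch "$auth" && chmod 600 "$auth" || exit 2
IFS= read -r key || [ -n "$key" ] || exit 2
case $key in
  ssh-*|ecdsa-*|sk-*) ;;   # looks like a public key line
  *) exit 2 ;;             # refuse anything else, e.g. a private key file
esac
grep -qxF -- "$key" "$auth" && exit 1   # exact line already installed
printf "%s\n" "$key" >> "$auth"
'

# install_key_local PUBKEY_FILE HOME_DIR
# Runs the same script against a local directory (useful for a dry run).
install_key_local() { HOME=$2 sh -c "$REMOTE_INSTALL" < "$1"; }

# push_key HOST PUBKEY_FILE
# Runs the script on a node; ssh prompts for the password until the key works.
push_key() { ssh "root@$1" "$REMOTE_INSTALL" < "$2"; }

# Typical use (host names are placeholders):
#   for h in host1 host2 host3; do push_key "$h" ~/.ssh/id_rsa.pub; done
```

Only the public key ever leaves the source machine, and a second run against the same node returns 1 instead of adding a duplicate line.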
 
Old 05-10-2012, 07:11 AM   #8
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Quote:
Originally Posted by arikl View Post

hope it helps you...
Hopefully after 4 years it will.
 
Old 05-11-2012, 09:49 AM   #9
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,338

Rep: Reputation: 259Reputation: 259Reputation: 259
Quote:
Originally Posted by arikl View Post
I built a shell script that takes all hosts as arguments and stores your source machine key on them.
After doing so you will be able to log in without a prompt (that solved all password prompts for me except one that I'm still trying to solve...)

You MUST run this script from root directory!
NB: there is the script ssh-copy-id provided by OpenSSH to copy the ssh-key to one machine.
 
Old 06-04-2012, 12:39 AM   #10
snowmobile74
LQ Newbie
 
Registered: Nov 2003
Location: Reston, VA
Distribution: Slackware for everything
Posts: 22

Rep: Reputation: 1
It sounds like you would benefit from a remote execution platform more.

check out, http://saltstack.org/

With this you have all the minions authenticate with your master and execute commands across the cluster, or use wildcard matching to only do it on specific hosts.

an example of a command is
salt -E '.*' cmd.run 'ls -l | grep foo'
 
Old 06-07-2012, 02:05 PM   #11
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
This works for me (probably insecure so use with caution)

Generate the keys (in any server)

Code:
ssh-keygen
When it asks you for a passphrase...just hit enter (i.e. leave it blank)

Next "cat" the "id_rsa.pub" to the "authorized_keys" file...

Code:
cd ~/.ssh/
cat id_rsa.pub >> authorized_keys
Now copy the "id_rsa.pub", "authorized_keys" AND the "id_rsa" file to ALL nodes you want to ssh to (for example)...
Code:
scp id_rsa.pub node:~/.ssh/
scp authorized_keys node:~/.ssh/
scp id_rsa node:~/.ssh
Now every time you want to access the node without a password you have to reference the "id_rsa" file in your ssh/scp commands with the -i option...

Code:
ssh -i ~/.ssh/id_rsa node <commands you want to run>
scp -i ~/.ssh/id_rsa file.txt node:/tmp/file.txt
HTH

-C
 
  

