muneebs123 08-05-2004 12:32 PM

Ssh passwordless : Urgent
 
Hi
I am setting up a small cluster and I need to access the slave machines through ssh shell without password. There are a lot of things available on the net but none concerns my issues.

1. I need that all the users connected to the server should be able to connect to the slave or nodes through ssh without password.

2. I found a method on the web, but I am unable to find it now, that did not involve any transfer of keys from one PC to another. It used only the files hosts.allow, hosts.deny and hosts.equiv.

I am using Redhat 9 linux.

Thanks in advance

Muneeb Shaukat

rgiggs 08-05-2004 01:17 PM

You seem to want the public/private key scheme, then here:
http://inst.eecs.berkeley.edu/cgi-bi...?file=ssh.help

Blinker_Fluid 08-05-2004 01:19 PM

hosts.equiv is rsh; it is not ssh.
I believe you can set up SSH to work in this way:
---On your head node---
ssh-keygen -t dsa -f ~/.ssh/mykey
cd ~/.ssh
mv mykey identity
cp mykey.pub authorized_keys

At this point you should be able to ssh to yourself. (verify to make sure it works)
Then copy the ssh directory to your nodes.
scp -r ~/.ssh node_whatever:/home/username/

You should then be able to ssh to all nodes without a password.

rgiggs 08-05-2004 01:22 PM

I believe you have to run ssh-agent and ssh-add to add your key and enter the password once.

muneebs123 08-05-2004 02:38 PM

Well, LAM/MPI can run on ssh or rsh as a matter of fact, so is there a way for rsh to become passwordless without involving keys?

Blinker_Fluid 08-05-2004 04:16 PM

Quote:

Originally posted by muneebs123
Well, LAM/MPI can run on ssh or rsh as a matter of fact, so is there a way for rsh to become passwordless without involving keys?

For RSH (only if this is behind a secure firewall)
Put the node/host names in your /etc/hosts.equiv or ~/.rhosts file.
If you need root to have rsh access also then you will have to add rlogin, rexec, rsh into your /etc/securetty
You will have to have rsh, rlogin, rexec on before anything works. (chkconfig --list to see if they are enabled) they should be listed in the xinetd section.

twantrd 08-21-2004 09:30 PM

Hi,

I have a similar question. I have created the ssh key-gen pair and logging in as root passwordless (from serverA to serverB) works. However, I have a cronjob run by root on serverA that scps files at midnight over to serverB. The sshd_config on both machines allows root login. If I disable root login, is this cronjob going to fail? Thanks for your help!

-twantrd

Builder 08-23-2004 09:22 AM

Quote:

Originally posted by twantrd
Hi,

I have a similar question. I have created the ssh key-gen pair and logging in as root passwordless (from serverA to serverB) works. However, I have a cronjob run by root on serverA that scps files at midnight over to serverB. The sshd_config on both machines allows root login. If I disable root login, is this cronjob going to fail? Thanks for your help!

-twantrd

If the cronjob runs as root, and you disable root on ssh, then yes, this job will fail.

twantrd 08-23-2004 09:25 PM

Ahh, that's what I needed to know. Sure I could try it out but I didn't have access to my boxes for testing. Thanks for the quick reply!

-twantrd

JurajPsycho 02-28-2005 03:56 AM

Quote:

Originally posted by Blinker_Fluid
hosts.equiv is rsh it is not ssh.
I believe you can set up SSH to work in this way:
---On your head node---
ssh-keygen -t dsa -f ~/.ssh/mykey
cd ~/.ssh
mv mykey identity
cp mykey.pub authorized_keys
...

The last command should be: cat mykey.pub >> authorized_keys
J.

bruse 04-16-2005 02:54 AM

Hello, I am also setting up a cluster now.

It seems LAM/MPI uses rsh to connect. I do not have rsh installed.

So how do I set MPI to use ssh?

Because I enabled ssh as passwordless login.

vineet.k 04-19-2005 07:00 PM

passwordless ssh login
 
1) Type the following script in a file named "sshlogin".

#!/usr/bin/expect --

set timeout 180
set machine [lindex $argv 0]
set username [lindex $agrc 1]
set password [lindex $argv 2]
spawn ssh $username@$machine
expect "$username@$machine's password: "
send "$password\n"
interact


2) Give executable permission to the file.

chmod 711 sshlogin

3) Put this file in the /bin folder.

4) Now if a user "abc" wants to log in to a machine node1 using password "xyz", the command is:
sshlogin node1 abc xyz

I think this should solve your problem

vineet.k 04-19-2005 07:05 PM

Small Change in Passwordless SSH login Script
 
I have misspelled argv1 as agrc1
the corrected script is here.

#!/usr/bin/expect --

set timeout 180
set machine [lindex $argv 0]
set username [lindex $argv 1]
set password [lindex $argv 2]
spawn ssh $username@$machine
expect "$username@$machine's password: "
send "$password\n"
interact

ERBRMN 04-19-2005 09:36 PM

Quote:

Originally posted by Blinker_Fluid
hosts.equiv is rsh it is not ssh.
I believe you can set up SSH to work in this way:
---On your head node---
ssh-keygen -t dsa -f ~/.ssh/mykey
cd ~/.ssh
mv mykey identity
cp mykey.pub authorized_keys

At this point you should be able to ssh to yourself. (verify to make sure it works)
Then copy the ssh directory to your nodes.
scp -r ~/.ssh node_whatever:/home/username/

You should then be able to ssh to all nodes without a password.

How about sshd_config?

When I configure SSH with RSA, it shows me the following message.
What is it?

"... Disabling protocol version 2. Could not load host key"

My sshd_config is: ---------------------------

Port 22

HostKey /etc/ssh/ssh_host_key

KeyRegenerationInterval 3600

SyslogFacility AUTHPRIV

PermitRootLogin no

RsaAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

IgnoreRhosts yes

IgnoreUserKnownHosts yes


X11Forwarding yes

AllowUsers user1 user2


*****************************************

I have created a local RSA key:

ssh-keygen -t rsa -f /home/user/.ssh/user_id.pub

mv .ssh/user_id.pub .ssh/authorized_keys

*****************************************

Where is my mistake? Please advise me.
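
A check for the key-file mix-up in the post above, as an added example that is not part of the original thread: `ssh-keygen -f NAME` writes the private key to NAME and the public key to NAME.pub, so moving the `-f` file into authorized_keys installs a private key there. The function name `audit_authorized_keys` and the sample files are constructed for illustration; the key data is filler.

```shell
#!/bin/sh
# Added example (not from the thread): audit an authorized_keys file.
# Returns 0 when the file looks sane, 1 after printing any finding.
audit_authorized_keys() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }

    # A private key (what "ssh-keygen -f NAME" writes to NAME) must never be here.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "PRIVATE-KEY: $file holds a private key, not a public key"
        rc=1
    fi

    # sshd with StrictModes ignores key files writable by group or others.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "PERMS: $file is group- or world-writable"
        rc=1
    fi

    # Protocol 2 entries look like: [options] key-type base64-blob [comment].
    bad=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) printf "%d ", NR
        }' "$file")
    if [ -n "$bad" ]; then
        echo "MALFORMED: line(s) ${bad}of $file are not public key entries"
        rc=1
    fi
    return $rc
}

# Constructed sample files; the key material is filler, not a real key.
demo_dir=$(mktemp -d)
umask 077
printf '%s\n' '# head node key' \
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedFillerData user@headnode' \
    > "$demo_dir/good"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/moved_private_key"

audit_authorized_keys "$demo_dir/good" && echo "good: ok"
audit_authorized_keys "$demo_dir/moved_private_key" || echo "moved_private_key: rejected"
```

Run it against `~/.ssh/authorized_keys` on each node; old protocol 1 entries (bits, exponent, modulus) are reported as malformed because only protocol 2 lines are recognised.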

manojg 04-26-2005 09:31 PM

Hi Blinker_Fluid,

I tried. When I used the command "ssh-keygen -t dsa -f ~/.ssh/mykey" it asked to enter a passphrase. I entered a password.
After doing all these steps that you have suggested, I tried to ssh. Then it again asked to enter "passphrase". So, it is not really a passwordless connection. LAM/MPI requires connection without any external input.

Is there anything missing?

Thanks.
Manoj

ERBRMN 04-26-2005 09:42 PM

Quote:

Originally posted by manojg
Hi Blinker_Fluid,

I tried. When I used the command "ssh-keygen -t dsa -f ~/.ssh/mykey" it asked to enter a passphrase. I entered a password.
After doing all these steps that you have suggested, I tried to ssh. Then it again asked to enter "passphrase". So, it is not really a passwordless connection. LAM/MPI requires connection without any external input.

Is there anything missing?

Thanks.
Manoj

Did you add the new public key file (with passphrase) to the authorized key file of the remote SSH server?

Like:
cat user_id.pub >> authorized_keys

Where:
user_id.pub - Your public key file, which is created on your computer with "passphrase"
authorized_keys - Remote SSH server authorized key file

manojg 04-27-2005 08:07 AM

Hi Blinker_Fluid,

Sorry, I figured out this.

johnnydangerous 04-27-2005 08:24 AM

Quote:

Originally posted by manojg
Hi Blinker_Fluid,

I tried. When I used the command "ssh-keygen -t dsa -f ~/.ssh/mykey" it asked to enter a passphrase. I entered a password.
After doing all these steps that you have suggested, I tried to ssh. Then it again asked to enter "passphrase". So, it is not really a passwordless connection. LAM/MPI requires connection without any external input.

Is there anything missing?

Thanks.
Manoj

Don't enter a password when generating; just hit "Enter" when asked!

Y0jiMb0 05-25-2005 05:40 AM

Quote:

#!/usr/bin/expect --

set timeout 180
set machine [lindex $argv 0]
set username [lindex $argv 1]
set password [lindex $argv 2]
spawn ssh $username@$machine
expect "$username@$machine's password: "
send "$password\n"
interact

Thanks for posting this solution; however I found a bug:
If the password begins with "-" it doesn't work. It interprets the password as an option. What can be done?

Another question, how secure is this?

Regards

johnnydangerous 05-25-2005 06:08 AM

Quote:

Originally posted by Y0jiMb0
Thanks for posting this solution; however I found a bug:
If the password begins with "-" it doesn't work. It interprets the password as an option. What can be done?

Another question, how secure is this?

Regards

What is this script for?

Y0jiMb0 05-25-2005 12:13 PM

Quote:

what is this script for?
It was posted by vineet.k; it automates the process of ssh-ing. If you call it "sshlogin" (and give it proper permissions) it runs like this:

Code:

sshlogin node1 abc xyz
and what it does is: log into machine "node1", with username "abc" and password "xyz".
You can execute it inside another script and you don't have to be prompted for the password every time. I know it is risky and ugly if you want, but I cannot manage to get the public key stuff working (as I don't have root access to the listener machine I don't know if I will be able to solve that question; I believe it is related to some conf file).

I hope to have clarified your question...
Anyway, mine still remains: how (un)secure is this thing?

Regards

vineet.k 05-25-2005 01:06 PM

SSHlogin
 
If your password starts with - then try using " " [quotes].
I have not tried this. Hope this should work.
Or sometimes it may take " " as a part of your password.

Every coin has two sides.

Got any other solution for this issue ?

One more problem is there. Since you are spawning a program with another, the child process will be limited to use the total memory allocated for the parent process.
Try sshlogin to a machine and then try listing ( ls -l ) a directory with not less than 100 files. At times the ls will go into an infinite loop, you can get out of it. (Even with Ctrl + C). Since it is a separate process.


Take care.

Y0jiMb0 05-25-2005 03:23 PM

Quote:

If your password starts with - then try using " " [quotes].
I have not tried this. Hope this should work.
Or sometimes it may take " " as a part of your password.

Indeed I tried it and yes, it considers " just another character of the password.
It must be something simple, but I can't find the good side of the coin...

Any "expect" expert around here?

Regards

kevingpo 06-21-2005 08:26 PM

Quote:

Originally posted by Blinker_Fluid
hosts.equiv is rsh it is not ssh. <snip>
You mention about rsh, and hosts.equiv file. But in the previous postings there hasn't been any reference or query about this matter.

However, how do you use the hosts.equiv file to get passwordless rsh?


All times are GMT -5.