[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh version 3.4p1-1and RSA authentification / POST

Thank to people that helped me the problem is resolved 

The problem was: ----------------

upgrade ssh (potato) to ssh woody 3.4p1-1 on a 10PC's cluster.
After the upgrade the passwordless configuration of ssh (based on 
RhostAutentification) did not work anymore on the nodes of the cluster.

The causes: --------------------

There is 2 possibilities to set machines equivalent, which implies no 
password to connect from one to antoher:

the RhostsRSAAuthentication, which reads the public keys in 

the PublicKeyAuthentication, which uses files in ~/.ssh/id* files
(id_rsa or id_dsa). 

The configuration I used didn't properly apply one or the other possibility.

The solution(s): ------------------

The RhostsRSAAuthentication is more adapted for my cluster, because the home 
directory is the same on all nodes. The other reason is that it is more easy 
to administrate because there is only one file (/etc/ssh/ssh_known_hosts) to 
configure for nodes instead of several files in the ~/.ssh directory (which 
must also be copied for all the users...)

Alexandre Vitrac gave me the solution (I thank him one time more...):

1. copy all the public keys in /etc/ssh of all nodes in the file 
/etc/ssh/ssh_known_hosts. Add node dns name and IP before the key.
2. add the nodes in /etc/ssh/shosts.equiv 
3. Have "RhostsRSAAuthentication yes" AND "HostbasedAuthentication yes"
in the files /etc/ssh/ssh_config AND /etc/ssh/sshd_config for all the nodes.
4. have /usr/lib/ssh-keysign with the setuid bit set. This can be obtained 
using dpkg-reconfigure
5. have ssh with the setuid bit set. (chmod +s /usr/bin/ssh). This I don't 
know why, but if it is not the case nothing works well.
6. restart /etc/init.d/ssh

and it works ... OUF!

Thanks to Alexandre Vitrac and Joel Fernandez for the help.


Reply to: