
Re: ssh version 3.4p1-1 and RSA authentication / POST



Thanks to the people who helped me, the problem is resolved.

The problem was: ----------------

Upgrade of ssh (potato) to ssh woody 3.4p1-1 on a 10-PC cluster.
After the upgrade, the passwordless configuration of ssh (based on 
RhostsAuthentication) did not work anymore on the nodes of the cluster.

The causes: --------------------

There are 2 possibilities to set machines equivalent, which implies no 
password to connect from one to another:

the RhostsRSAAuthentication, which reads the public keys in 
/etc/ssh/ssh_known_hosts

the PublicKeyAuthentication, which uses the ~/.ssh/id* files
(id_rsa or id_dsa). 

The configuration I used didn't properly apply one or the other possibility.

The solution(s): ------------------

The RhostsRSAAuthentication is better suited to my cluster, because the home 
directory is the same on all nodes. The other reason is that it is easier 
to administer, because there is only one file (/etc/ssh/ssh_known_hosts) to 
configure for the nodes instead of several files in the ~/.ssh directory (which 
must also be copied for all the users...)


Alexandre Vitrac gave me the solution (I thank him once more...):

1. Copy all the public keys in /etc/ssh of all nodes into the file 
/etc/ssh/ssh_known_hosts. Add the node DNS name and IP before the key.
2. Add the nodes in /etc/ssh/shosts.equiv 
3. Have "RhostsRSAAuthentication yes" AND "HostbasedAuthentication yes"
in the files /etc/ssh/ssh_config AND /etc/ssh/sshd_config for all the nodes.
4. Have /usr/lib/ssh-keysign with the setuid bit set. This can be obtained 
using dpkg-reconfigure
5. Have ssh with the setuid bit set (chmod +s /usr/bin/ssh). I don't 
know why, but if this is not the case nothing works well.
6. Restart /etc/init.d/ssh

and it works ... Phew!

Thanks to Alexandre Vitrac and Joel Fernandez for the help.

Fabrice
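
Steps 1 to 4 of the message above can be checked mechanically on each node. The following is an added example, not part of the original message: a POSIX shell audit whose function names are hypothetical, with a constructed sample (node names, addresses and key text are made up) in which one trusted node has no key line.

```shell
#!/bin/sh
# Added example (hypothetical function names). Paths are arguments so the audit
# can run against a copy of /etc/ssh. Hashed known_hosts entries are not handled.

# Print hosts from shosts.equiv that have no key line in ssh_known_hosts.
missing_host_keys() {  # $1 = shosts.equiv, $2 = ssh_known_hosts
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | while read -r host rest; do
        # Field 1 of a known_hosts line is a comma-separated name/IP list.
        awk -v h="$host" '
            /^[[:space:]]*#/ { next }
            { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
            END { exit (found ? 0 : 1) }' "$2" || echo "$host"
    done
}

# Succeed if the first occurrence of the option is "yes" (OpenSSH uses the
# first value obtained). Simplification: Host/Match scoping is ignored.
option_enabled() {  # $1 = config file, $2 = option name
    awk -v opt="$2" '
        BEGIN { opt = tolower(opt) }
        tolower($1) == opt { val = tolower($2); exit }
        END { exit ((val == "yes") ? 0 : 1) }' "$1"
}

# Report each problem on stdout; the return status is the number of problems.
audit_node() {  # $1 = directory with the config files, $2 = ssh-keysign path
    problems=0
    for h in $(missing_host_keys "$1/shosts.equiv" "$1/ssh_known_hosts"); do
        echo "no host key for $h in ssh_known_hosts"; problems=$((problems + 1))
    done
    for f in ssh_config sshd_config; do
        for opt in RhostsRSAAuthentication HostbasedAuthentication; do
            option_enabled "$1/$f" "$opt" && continue
            echo "$opt is not 'yes' in $f"; problems=$((problems + 1))
        done
    done
    [ -u "$2" ] || { echo "$2 is not setuid"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: node2 is trusted in shosts.equiv but has no key line.
write_sample() {  # $1 = target directory
    printf 'node1.example.org\nnode2.example.org\n' > "$1/shosts.equiv"
    printf 'node1.example.org,192.0.2.11 ssh-rsa AAAAconstructed\n' > "$1/ssh_known_hosts"
    printf 'Host *\n  RhostsRSAAuthentication yes\n  HostbasedAuthentication yes\n' > "$1/ssh_config"
    printf 'RhostsRSAAuthentication yes\n#HostbasedAuthentication yes\n' > "$1/sshd_config"
    : > "$1/ssh-keysign"   # stand-in file without the setuid bit
}
if [ "$#" -eq 2 ]; then audit_node "$1" "$2"; exit $?; fi
```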








