Re: ssh version 3.4p1-1and RSA authentification (2)
Hi everybody,
I forgetted to say that the /home directory is the same for all nodes. I
means that the ~/.ssh directory is also the same...
Should copy all the keys (in fact all the /etc/ssh directory) on all nodes?
Or is it possible to specify the pub keys (and also an authorized_keys)
somwhere in /etc/ssh so that resources are shared for all users of the
cluster?
Thanks very much for your help...
Fabrice
> I've got problems with the new version of ssh and sshd.
>
> > My cluster originally installed on potato 2.2r6 needed some upgrade of
> > ssh. I installed ssh version 3.4p1.
>
> This changes a lot of things. You must create new keys with the ssh-keygen
> command, using the option -t option to select the type of key. The old one
> used rsa1, the new one will use rsa (new format) by default, and dsa. Just
> create/recreate all 3 keys on you account and for root. The host keys have
> already been created when you installed the package.
>
> > Because the host keys had changed, I proceeded like this:
> > rm ~/.ssh/known_hosts
> > ssh node1
> > ...
> > ssh node N
> > cp ~/.ssh/known_hosts /etc/ssh/ssh_known_hosts
>
> The relevant file here is authorized_keys, not known_hosts. You must put
> the new rsa public keys of all hosts in it. Do not use the usual command
> ssh-copy-id, it will give an error (agent has no identities), or put the
> old rsa1 key instead of the rsa key which is looked up by default, so it
> will not work. Just edit the file directly. If you have hosts with both
> versions of SSH mixed up in the same network, then you must include the
> new or the old key as the case may be.
>
> > Protocol 2
>
> Note thay this forces protocol 2 and may lock out hosts with old versions
> os SSH if there are still any in this network.
>
> > #Privilege Separation is turned on for security
> > UsePrivilegeSeparation yes
>
> I thing you better turn this off...
> Cheers,
>
> ----------------------------------------------------------------
> Jorge L. deLyra, Associate Professor of Physics
> The University of Sao Paulo, IFUSP-DFMA
> For more information: finger delyra@latt.if.usp.br
> ----------------------------------------------------------------
Reply to: