
Re: ssh version 3.4p1-1 and RSA authentication (2)



Hi everybody,

I forgot to say that the /home directory is the same for all nodes. I 
mean that the ~/.ssh directory is also the same...

Should I copy all the keys (in fact all the /etc/ssh directory) to all nodes?
Or is it possible to specify the pub keys (and also an authorized_keys) 
somewhere in /etc/ssh so that resources are shared for all users of the 
cluster?

Thanks very much for your help...

Fabrice

>  I've got problems with the new version of ssh and sshd.
>
> > My cluster originally installed on potato 2.2r6 needed some upgrade of
> > ssh. I installed ssh version 3.4p1.
>
> This changes a lot of things. You must create new keys with the ssh-keygen
> command, using the -t option to select the type of key. The old one
> used rsa1, the new one will use rsa (new format) by default, and dsa. Just
> create/recreate all 3 keys on your account and for root. The host keys have
> already been created when you installed the package.
>
> > Because the host keys had changed, I proceeded like this:
> > rm ~/.ssh/known_hosts
> > ssh node1
> > ...
> > ssh node N
> > cp ~/.ssh/known_hosts /etc/ssh/ssh_known_hosts
>
> The relevant file here is authorized_keys, not known_hosts. You must put
> the new rsa public keys of all hosts in it. Do not use the usual command
> ssh-copy-id, it will give an error (agent has no identities), or put the
> old rsa1 key instead of the rsa key which is looked up by default, so it
> will not work. Just edit the file directly.  If you have hosts with both
> versions of SSH mixed up in the same network, then you must include the
> new or the old key as the case may be.
>
> > Protocol 2
>
> Note that this forces protocol 2 and may lock out hosts with old versions
> of SSH if there are still any in this network.
>
> > #Privilege Separation is turned on for security
> > UsePrivilegeSeparation yes
>
> I think you'd better turn this off...
> 							Cheers,
>
> ----------------------------------------------------------------
>         Jorge L. deLyra,  Associate Professor of Physics
>             The University of Sao Paulo,  IFUSP-DFMA
>        For more information: finger delyra@latt.if.usp.br
> ----------------------------------------------------------------
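
The quoted advice to edit authorized_keys directly, and the warning about the old rsa1 key ending up there instead of the new rsa key, as an added example that is not part of the original thread. The function names, paths and key material are constructed; the check relies on rsa1 public keys starting with the numeric key length while protocol 2 public keys start with `ssh-rsa` or `ssh-dss`.

```shell
#!/bin/sh
# Added example: hypothetical helpers, constructed key material.

# key_format LINE: classify a public key line by its leading fields.
key_format() {
    case "$1" in
        ssh-rsa\ *|ssh-dss\ *) echo v2 ;;            # protocol 2 rsa/dsa
        [0-9]*\ [0-9]*\ [0-9]*) echo rsa1 ;;         # "bits exponent modulus"
        *) echo unknown ;;
    esac
}

# install_pubkey PUBFILE SSHDIR: append a protocol 2 public key to
# SSHDIR/authorized_keys once; returns 1 if the key is refused.
install_pubkey() {
    pubfile=$1; sshdir=$2
    auth="$sshdir/authorized_keys"
    line=$(head -n 1 "$pubfile") || return 1
    if [ "$(key_format "$line")" != v2 ]; then
        echo "refusing $pubfile: not a protocol 2 rsa/dsa public key" >&2
        return 1
    fi
    # sshd ignores the file if the directory or file is writable by others
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if not already listed
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo in a scratch directory standing in for a shared home directory.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed user@node1\n' > "$demo/id_rsa.pub"
printf '1024 35 1234567890123456789 user@node1\n' > "$demo/identity.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"          # second run adds nothing
install_pubkey "$demo/identity.pub" "$demo/.ssh" || echo "rsa1 key left out"
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```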


