Ssh – Passwordless ssh with NFS+NIS

nfsnisssh

I'm playing around with a cluster (with torque+open-mpi). I have a master node and compute nodes. Master submit jobs to computes nodes. To do it I use NIS+NFS in order to unify UID's and home directory. In order to execute remote commands I use ssh and keychain to get passwordless login.

Everything seems OK, doesn't it? Well not really.

For example let's say master is master node and node1 and node2 are compute nodes. So when Issue a job, node1 and node2 ask for the passphrase. Ensuing remote commands does not ask for passphrase anymore. Are you thinking all is OK? Not really 🙂

Let's say that I add 30 new nodes. I will have to enter the passphrase for the first time for every node, which is somewhat insane. Or let's say that I have to reboot some of the nodes, the same problem…

I've tried with openssh certificates (ssh-keygen -s …) but it's the same issue, I depend on ssh-agent. Perhaps what I'm looking for it's somewhat insecure, but I'd want that every compute node use the socket of master node. but I have no idea how to do it.

It seems that is not possible ssh via public key authentication for users administered with NIS , doesn't it?

Any idea? Thanks in advance

Best Answer

ssh-agent and some method of distributing the public key (authorized_keys in the users home directory, mounted over NFS works) is the standard answer to your request.

For bonus points you can consider using agent forwarding to pass your credentials along if you need to pass through more than one node for some reason..

As you've given no reason why this wouldn't work in your situation, I recommend that you implement this solution.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic