To use passwordless ssh, the hosts to which you want to connect must be configured to satisfy the following requirements:• An sshd server must be running.• RSA public key authentication must be enabled and empty passphrases must be allowedin the sshd configuration.Note: Public key authentication is enabled in OpenSSH by default.The following steps allow you to use ssh between computers that share your login directorywithout specifying a password.1. Generate a public/private RSA key pair on a host of your choice, whose home directory isshared with the remote hosts that you want to run jobs on:cd ~/.sshssh-keygen -t rsaNote: When asked for a passphrase do not enter one; just press ENTER. If you specify apassphrase it defeats the purpose of configuring passwordless ssh.
2. Add your public key to the list of keys allowed to log in to your account:cat id_rsa.pub >> authorized_keys
3. Suppress the confirmation dialog you ordinarily get when you connect to a machine for
the first time:
echo "StrictHostKeyChecking no" >> config
This is necessary if you want to use ssh non-interactively and you cannot get RSA signatures
for every host to which you want to allow connections in your known_hosts file
ahead of time.
4. Remove your known_hosts file:
rm known_hosts*
This is necessary so that the new RSA key-pair mechanism is used for every host. Otherwise,
hosts to which you previously connected using passwords might not use the new
system automatically.
VERY IMPORTANT AND EASY TO MISS!!!!!!!!!!!!!!!!( This can cost you hours):
5. Make sure your home directory cannot be written by anyone but you:
chmod 700 ~
This is required before ssh will allow passwordless access to your account on the nodes.
For each home directory that is not shared with that of the chosen host:
1. Copy the public and private keys to that home directory:
scp ~/.ssh/id_rsa* other-host/~/.ssh/
2. Connect to the host on which that home directory is mounted and change to the .ssh
directory:
cd ~/.ssh
3. Repeat Step 2 through Step 5 above.
4. Ensure that id_rsa (the private key) is readable and writeable only by the user:
chmod go-rwx ~/.ssh/id_rsa
|
|
