
Password-less SSH and Autofs

Submitted on May 15, 2011 – 4:04 am

Recently I ran into an unusual problem with SSH on SLES 11 SP1. The system – a small HPC cluster – is configured to use NIS for authentication and automounter maps. Whenever a user logs in, the home directory is automounted from an external NAS. Each user has a ~/.ssh directory with the authorized_keys2 and known_hosts files required for password-less SSH access among the cluster nodes.

On the one hand, this configuration is useful because you only need to have one ~/.ssh directory, which is then automatically mounted on whatever system you are trying to access. The drawback is that, apparently, there is a risk of a chicken-or-egg paradox. In order to authenticate you, sshd on the target node needs to access your ~/.ssh, which needs to be automounted first, which in turn requires successful authentication. Sometimes password-less SSH failed because the home directory was not automounted.

In my experience, this problem is unique to SLES 11 SP1. I have not seen it on any other SLES or RHEL cluster with identical NIS/autofs configuration. I found that starting or restarting ypbind and autofs after sshd has started helps avoid this problem. The simplest way to do this is to add the line “/etc/init.d/ypbind restart ; /etc/init.d/autofs restart” at the end of your /etc/init.d/sshd startup section. A dirty fix to be sure, but it seems to work just fine.
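To confirm on a given node whether the failure described above is in play, the following added example (not part of the original post) checks that a user's home directory is present, that ~/.ssh/authorized_keys2 is readable, and that none of the three paths is group- or world-writable, which sshd refuses under its default StrictModes setting. The function name check_key_home and its status words are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_key_home and its status
# words are hypothetical names chosen for illustration.
#
# Usage on a cluster node (home directory looked up through NIS):
#   check_key_home "$(getent passwd alice | cut -d: -f6)"

check_key_home() {
    home=$1

    # Touching the path is what makes autofs attempt the mount. If the
    # mount did not happen, the directory is simply not there.
    if [ ! -d "$home" ]; then
        echo "home-missing"; return 1
    fi
    if [ ! -d "$home/.ssh" ]; then
        echo "ssh-dir-missing"; return 2
    fi

    keys="$home/.ssh/authorized_keys2"
    if [ ! -r "$keys" ]; then
        echo "keys-unreadable"; return 3
    fi

    # With StrictModes (default: yes) sshd ignores the key file when the
    # home directory, ~/.ssh or the file itself is group- or world-writable.
    for p in "$home" "$home/.ssh" "$keys"; do
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$loose" ]; then
            echo "loose-perms:$p"; return 4
        fi
    done

    echo "ok"; return 0
}

# Run directly with a home directory as the only argument.
if [ $# -gt 0 ]; then
    check_key_home "$1"
fi
```

A "home-missing" result right after boot, which turns into "ok" once ypbind and autofs have been restarted, matches the ordering problem described in the post.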


6 Comments »

  • Cupcakerum says:

    I have a jailbroken iPhone 3G. How do I download/get SSH on my iPhone so I can use Cyder and install apps from my computer? I need this because my Wi-Fi feature died and doing it from the computer is the only way I have left.

  • sam N says:

    The SSH client on the switch is enabled.

    Communication between the switch and remote users is encrypted.

    A username/password combination is no longer needed to establish a secure remote connection to the switch.

    The switch requires remote connections via proprietary client software.

  • forahobby says:

    I am tired of having to plug my iPod into my computer to put new music on it. I was wondering how I could do this using SSH. I would also rather it be put on the music app, not something like dTunes.

  • Dark_LovexXx says:

    I’m looking at running SSH on my school laptop because pretty much everything useful has been blocked, but I don’t want to run my home internet cap over by doing this. If I use an SSH tunnel to get past the proxy, will I use up my home internet cap?

  • nothin_nyce1 says:

    My friend set up a VPS I can download torrents onto, then use SSH to get them onto my computer. He said it’s encrypted and my IP is totally hidden/anonymous. Is it true that nobody, not even my ISP, can see?

  • Ed D says:

    I have tried WinSCP and disk-aid, but is there a good free SSH program?
    Any help is much appreciated.
