Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Commands & Shells

SSH Login Without Password for a Linux Cluster

Submitted by on February 21, 2013 – 11:45 pm

Most HPC cluster management utilities will automatically take care of the password-less SSH configuration. However, if you are not so lucky, here are the simple steps to get this working. Keep in mind that, depending on your OS, you may have an oddball SSH version that is either too old or too new to work with these instructions. If that happens – sorry, I tried.

For our example code, we will be using the following cluster layout: head node “hn1” and six compute nodes running SLES (see diagram below). The first example shows how to set up password-less SSH on per-user basis. The user name for that example will be “bob”. The second example will show how to configure password-less SSH for all users.

Method 1: Generating RSA authentication keys for individual users

This method works for password-less SSH access on per-user basis. As user “bob” login to hn1.

Step 1: generate RSA key

bob@hn1:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bob/.ssh/id_rsa):
Created directory '/home/bob/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bob/.ssh/id_rsa.
Your public key has been saved in /home/bob/.ssh/id_rsa.pub.
The key fingerprint is:
3i:3f:02:79:3a:9f:96:7d:3d:bc:e9:58:44:bc:37:e4 bob@hn1

Step 2: create ~/.ssh directory on the compute nodes. Repeat this step for every node from 1 to 6.

bob@hn1:~> ssh bob@node1 mkdir -p ~/.ssh
bob@node1's password:

Step 3: copy RSA key from hn1 to node1. Repeat this step for every node from 1 to 6.

bob@hn1:~> cat ~/.ssh/id_rsa.pub | ssh bob@node1 'cat >> ~/.ssh/authorized_keys'
bob@node1's password:

This process can be semi-automated with the script below. You will still be prompted for input on every step:

$!/bin/ksh
ssh-keygen -t rsa
i=1
while [ $i -le 6 ]
do
   echo "Adding node${i}"
   ssh bob@node${i} mkdir -p ~/.ssh
   cat ~/.ssh/id_rsa.pub | ssh bob@node${i} 'cat >> ~/.ssh/authorized_keys'
   (( i = i + 1 ))
done

Method 2: Configuring global SSH without password

This method will allow all non-privileged users password-less SSH access from the cluster head node to the compute nodes. If you required password-less SSH for root, please see additional steps at the end of this article. The SSH configuration file locations shown below are for SuSE/SLES operating systems.

Step 1: create shosts.equiv file on all nodes

On the head node of the cluster edit or create /etc/ssh/shosts.equiv containing hostnames of all nodes in the cluster. Set permissions for the shosts.equiv to 600 and copy it to /etc/ssh on all compute nodes. In our example, the shosts.equiv will look something like this:

hn1
node1
node2
node3
node4
node5
node6

Step 2: create ssh_known_hosts file on all nodes

The /etc/ssh/ssh_known_hosts file contains hostnames, IPs, and public RSA keys of all nodes in the cluster. The public RSA key can be found on each node in /etc/ssh/ssh_host_rsa_key.pub

The format of the ssh_known_hosts is as follows: , ssh-rsa Here’s an example showing an entry for one node with two NICs (two different networks). You can specify multiple IPs and hostnames for the same node in any order. However, you can only have one node per line.

172.20.1.1,nib1,192.168.1.1,n1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCN2frC4ARzjM4qZce81tEqg8mTNxaRUidGag2R9s3CfHl8EDZ/CRk9
rT+NwMQusp9TxRTiMsSvFfzm6JjqdzMklI9JaO/siqJIh//ilGOYyE78u70ViklrvQTgbIAaNhiTB4g85alm3COtSlRgUO5HqQI2I/SQDsUV2kQUIaO6KQ==

You can automate the task of building the ssh_known_hosts file by creating

Print Friendly, PDF & Email

Leave a Reply