ConfiguringSSH

It is possible to configure ssh to allow password-less access to any cluster computer from any other cluster computer. This allows you to launch jobs on remote cluster computers without having to log into those computers.

Example:

[fisher@kimclust15]$ ssh kimclust34 hostname
kimclust34

[fisher@kimclust15]$ ssh kimclust34 date
Thu Apr 26 12:26:39 EDT 2001

To configure ssh, first create an RSA key. ssh-keygen will ask you for a passphrase. You MUST enter a passphrase; do not leave it empty.

[fisher@kimclust15]$ ssh-keygen

Next, copy your public RSA key to your list of authorized keys:

[fisher@kimclust15]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2

Then add the following to your VNC startup script (~/.vnc/xstartup). If you haven't yet run VNC, the 'xstartup' file won't exist, so you will need to launch VNC to have it create the file. Once launched, you can then kill the VNC server and continue below (see ConfiguringVNC).

Note that this example uses the 'twm' window manager:

exec echo "ssh-add < /dev/null; exec twm" | exec ssh-agent sh

This example uses the 'gnome' window manager:

exec echo "ssh-add < /dev/null; exec gnome-session" | exec ssh-agent sh

Now when you start a new VNC session, it will first ask you for your password and then allow you password-less access from kimclust15 (the machine running your vncserver) to any other cluster machines. However, if you ssh to kimclust31 from kimclust11 (for example), you will need a password to go from kimclust31 elsewhere, even though you didn't need a password to go from kimclust15 to kimclust31 (the password-less login doesn't transfer from the initial terminal login).

You can add password-less logins from other machines or without running vnc, but that gets more complicated.

Change permissions for your .ssh directory and .ssh/id_rsa.pub file with the following:

[fisher@kimclust15]$ chmod go-rx .ssh

[fisher@kimclust15]$ chmod go-rx .ssh/id_rsa.pub
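
A check for the two requirements above (a passphrase on the key, and a ~/.ssh that other users cannot get into), as an added example that is not part of the original page. The function names are hypothetical; the script flags any group/other permission bit, including the write bit that `chmod go-rx` leaves untouched, and uses `ssh-keygen -y -P ""` to test whether the private key loads with an empty passphrase.

```sh
#!/bin/sh
# Added example: audit the files this page creates. The function names
# (loose_mode, key_unprotected, audit_ssh_dir) are hypothetical.

# loose_mode PATH: succeed if group or other has any permission bit on PATH.
loose_mode() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" != "------" ]
}

# key_unprotected KEYFILE: succeed if the private key can be read with an
# empty passphrase, i.e. it was created without one.
key_unprotected() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# audit_ssh_dir DIR: print one finding per line and return the number of
# findings (0 means the directory passed every check).
audit_ssh_dir() {
    dir=$1
    findings=0
    for f in "$dir" "$dir/id_rsa" "$dir/authorized_keys2"; do
        [ -e "$f" ] || continue
        if loose_mode "$f"; then
            echo "LOOSE: $f is accessible to group/other"
            findings=$((findings + 1))
        fi
    done
    # The passphrase check is skipped when ssh-keygen is not installed.
    if [ -f "$dir/id_rsa" ] && command -v ssh-keygen >/dev/null 2>&1 \
        && key_unprotected "$dir/id_rsa"; then
        echo "NOPASS: $dir/id_rsa has no passphrase"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run as: sh audit.sh ~/.ssh  (with no argument only the functions are defined)
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

A LOOSE finding is cleared with `chmod go-rwx` on the named path; a NOPASS finding is cleared by setting a passphrase with `ssh-keygen -p`.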

After running ssh-keygen and copying your public key to authorized_keys2, you can start RSA authentication from an xterm with the following:

[fisher@kimclust15]$ eval `ssh-agent`

[fisher@kimclust15]$ ssh-add

Or use the alias:

You can now use password-less access to the remaining cluster machines from this xterm. To kill your ssh-agent when finished:

[fisher@kimclust15]$ ssh-agent -k

Or use the alias:

Make sense? If not (it's somewhat confusing and I'm sure my description isn't helping much), contact StephenFisher.