It is possible to configure ssh to allow for password-less access to any cluster computer from any other cluster computer. Thus allowing you to launch jobs on remote cluster computers without having to log into those computers.

Example:

[fisher@kimclust11]$ ssh kimclust34 hostname
kimclust34

[fisher@kimclust11]$ ssh kimclust34 date
Thu Apr 26 12:26:39 EDT 2001

To configure ssh first create a DSA key:

[fisher@kimclust11]$ ssh-keygen -d

Next, copy your public DSA key to your list of authorized keys:

[fisher@kimclust11]$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys2

Then add the following to your vnc startup script(~/.vnc/xstartup). If you haven't yet run VNC, the 'xstartup' won't exist so you will need to launch VNC to have VNC create the xstartup file. Once launched, you can then kill the VNC server and continue below (see ConfiguringVNC).

Note that this example uses the 'twm' window manager:

exec echo "ssh-add < /dev/null; exec twm" | exec ssh-agent sh

This example uses the 'gnome' window manager:

exec echo "ssh-add < /dev/null; exec gnome-session" | exec ssh-agent sh

Now when you start a new vnc session, it will first ask you for your password and then allow you password-less access from kimclust11 (the machine running your vncserver) to any other cluster machines. However if you ssh to kimclust31 from kimclust11 (for example), you will need a password to go from kimclust31 elsewhere. Even though you didn't need a password to go from kimclust11 to kimclust31 (the password-less login doesn't transfer from initial terminal login).

You can add password-less logins from other machines or without running vnc, but that gets more complicated...after running ssh-keygen and copying your file to authorized_key2, you can start DSA authentication from an xterm with the following:

[fisher@kimclust11]$ eval `ssh-agent`

[fisher@kimclust11]$ ssh-add

[fisher@kimclust11]$ slogin

You can now use password-less access to the remaining cluster machines from this xterm. To kill your ssh-agent when finished:

[fisher@kimclust11]$ ssh-agent -k

[fisher@kimclust11]$ slogout

Make sense? If not (it's somewhat confusing and i'm sure my description isn't helping much), contact StephenFisher.