ConfiguringSSH
It is possible to configure ssh to allow for password-less access to any cluster computer from any other cluster computer. Thus allowing you to launch jobs on remote cluster computers without having to log into those computers.
Example:
[fisher@kimclust15]$ ssh kimclust34 hostname
kimclust34[fisher@kimclust15]$ ssh kimclust34 date
Thu Apr 26 12:26:39 EDT 2001
To configure ssh first create a RSA key. This will ask you for a passphrase. You MUST enter a passphrase - do not leave this empty.
[fisher@kimclust15]$ ssh-keygen
Next, copy your public RSA key to your list of authorized keys:
[fisher@kimclust15]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
Then add the following to your vnc startup script(~/.vnc/xstartup). If you haven't yet run VNC, the 'xstartup' won't exist so you will need to launch VNC to have VNC create the xstartup file. Once launched, you can then kill the VNC server and continue below (see ConfiguringVNC).
Note that this example uses the 'twm' window manager:
exec echo "ssh-add < /dev/null; exec twm" | exec ssh-agent sh
This example uses the 'gnome' window manager:
exec echo "ssh-add < /dev/null; exec gnome-session" | exec ssh-agent sh
Now when you start a new vnc session, it will first ask you for your password and then allow you password-less access from kimclust15 (the machine running your vncserver) to any other cluster machines. However if you ssh to kimclust31 from kimclust11 (for example), you will need a password to go from kimclust31 elsewhere. Even though you didn't need a password to go from kimclust15 to kimclust31 (the password-less login doesn't transfer from initial terminal login).
You can add password-less logins from other machines or without running vnc, but that gets more complicated.
Change permissions for your .ssh directory and .ssh/id_rsa.pub file with the following:
[fisher@kimclust15]$ chmod go-rx .ssh[fisher@kimclust15]$ chmod go-rx .ssh/id_rsa.pub
After running ssh-keygen and copying your file to authorized_key2, you can start RSA authentication from an xterm with the following:
[fisher@kimclust15]$ eval `ssh-agent`Or use the alias:[fisher@kimclust15]$ ssh-add
-
[fisher@kimclust15]$ slogin
You can now use password-less access to the remaining cluster machines from this xterm. To kill your ssh-agent when finished:
[fisher@kimclust15]$ ssh-agent -kOr use the alias:
-
[fisher@kimclust15]$ slogout
Make sense? If not (it's somewhat confusing and i'm sure my description isn't helping much), contact StephenFisher.