SSH keys and passwordless authentication between worker nodes
- Details Hits: 10955
Hmm, this might be handy: how to get a paswordless authentication between worker nodes.
Why? Say you want to copy files from an MPI head-node on the other nodes, or you have a server (example debugging) that needs to connect to all MPI nodes without using a password. (and you do not have the right to configure your queue)
The commands are pretty basic: ssh-keygen. If you really wish, you can restrict its use only in this cluster by using from="172.16.*.*" at the beginning of the line like this:
[heri@fep-53-2 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/heri/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/heri/.ssh/id_rsa.
Your public key has been saved in /export/home/heri/.ssh/id_rsa.pub.
The key fingerprint is:
ba:a8:bd:28:05:28:3a:0b:44:27:8a:d4:0b:c3:df:35
This email address is being protected from spambots. You need JavaScript enabled to view it.
[heri@fep-53-2 ~]$ echo -ne "from=\"172.16.*.*\" " >> ~/.ssh/authorized_keys2
[heri@fep-53-2 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
[heri@fep-53-2 ~]$ chmod 600 ~/.ssh/authorized_keys2
So ... let's try it out. Remember, it will be the first authentication, so you do not have a known_hosts entry.
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa MY_HOST
Does the trick. You may get your list of nodes from the $PE_HOSTFILE variable.
[heri@fep-53-2 ~]$ qsub -q ibm-quad.q -pe openmpi*1 2 -S /bin/bash
echo "File that contains all nodes and slots: [$PE_HOSTFILE]"
export MYNODES=`cat $PE_HOSTFILE | cut -f 1 -d ' '`
for x in $MYNODES;
do
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa $x "echo Hi my name is `hostname`!"
done
Your job 94760 ("STDIN") has been submitted
[heri@quad-wn07 ~]$ cat STDIN.*94760
Warning: Permanently added 'quad-wn26.grid.pub.ro,172.16.4.26' (RSA) to the list of known hosts.
Warning: Permanently added 'quad-wn12.grid.pub.ro,172.16.4.12' (RSA) to the list of known hosts.
File that contains all nodes and slots: [/opt/n1sge6/sge-6.2u3/NCitCluster/spool/quad-wn26/active_jobs/94760.1/pe_hostfile]
Hi my name is quad-wn26.grid.pub.ro!
Hi my name is quad-wn26.grid.pub.ro!