Difference between revisions of "SSH"

From HCL
Jump to: navigation, search
(The best way is saying no "YES")
 
(26 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
== Passwordless SSH ==
 
== Passwordless SSH ==
 
To set up passwordless SSH, there are three main things to do:
 
To set up passwordless SSH, there are three main things to do:
 
+
* generate a pair of public/private keys on your local computer
    * generate a pair of public/private keys on your local computer
+
* copy the public key from the source computer to the target computer's authorized_keys file
    * copy the public key from the source computer to the target computer's authorized_keys file
+
* check the permissions.  
    * check the permissions.  
 
  
 
You can repeat that transitively for "A->B->C". You can use the initial pair of keys everywhere.
 
You can repeat that transitively for "A->B->C". You can use the initial pair of keys everywhere.
Line 12: Line 11:
 
http://www.stearns.org/doc/ssh-techniques.current.html
 
http://www.stearns.org/doc/ssh-techniques.current.html
  
== Making a cascade of SSH connections easy ==
+
== Automatically saying "yes" ==
 +
 
 +
This expect script automates typing "yes" when asked by SSH if a host should be added to known_hosts
 +
 +
#!/usr/bin/expect -f
 +
set arg1 [lindex $argv 0]
 +
set timeout 2
 +
spawn ssh  $arg1
 +
expect "yes/no"  {
 +
send "yes\n"
 +
}
 +
send "exit\n"
 +
send "\r"         
 +
 
 +
 
 +
You can include it in a bash script to iterate over all nodes doing this:
 +
 
 +
for i in `uniq hostfile` ; do
 +
./say-yes.exp $i
 +
done
 +
 
 +
== Better than automatically saying "yes" ==
  
Here is a very convenient way to set up the access to any machine directly instead of doing a cascade of SSH calls. Put this into your .ssh/config file :
+
Remark: It turns out there is a more ellegant way to do this task: using a tool called ''ssh-keyscan''.
  
 +
== Making a cascade of SSH connections easy ==
 +
Here is a very convenient way to set up the access to any machine directly instead of doing a cascade of SSH calls. If you can not directly access e.g. the machine "heterogeneous", but you can log into "csserver" and then to "heterogeneous", you can put this into your .ssh/config file :
 
  Host csserver
 
  Host csserver
 
   User kdichev
 
   User kdichev
Line 23: Line 45:
 
   Hostname heterogeneous.ucd.ie
 
   Hostname heterogeneous.ucd.ie
 
   ProxyCommand ssh -qax csserver nc %h %p
 
   ProxyCommand ssh -qax csserver nc %h %p
Host hcl01
 
  Hostname hcl01.ucd.ie
 
  ProxyCommand ssh -qax heterogeneous nc %h %p
 
  
  
Now, you can do:
+
Since the installation of a new PBS system, you can not directly log into a hclXX node. You can do
  ssh hcl01
+
  ssh heterogeneous instead and use "qsub" [[HCL_cluster#Access_and_Security]]
and you get logged to the node immediately.
+
 
 +
== The best way is saying no "YES" ==
 +
 
 +
This trick avoids a confirmation message asking "yes" when asked by SSH if a host should be added to known_hosts:
 +
 
 +
    ssh -q -o StrictHostKeyChecking=no
 +
 
 +
So with OpenMPI it can be used as
 +
 
 +
    mpirun --mca plm_rsh_agent "ssh -q -o StrictHostKeyChecking=no"
 +
 
 +
== X11 forwarding ==
 +
<code lang="bash">
 +
ssh -X hostname
 +
</code>
 +
or add the following line to your .ssh/ssh_config file
 +
ForwardX11 yes

Latest revision as of 10:43, 22 August 2012

Passwordless SSH

To set up passwordless SSH, there are three main things to do:

  • generate a pair of public/private keys on your local computer
  • copy the public key from the source computer to the target computer's authorized_keys file
  • check the permissions.

You can repeat that transitively for "A->B->C". You can use the initial pair of keys everywhere.

See here for details:

http://www.stearns.org/doc/ssh-techniques.current.html

Automatically saying "yes"

This expect script automates typing "yes" when asked by SSH if a host should be added to known_hosts

#!/usr/bin/expect -f
set arg1 [lindex $argv 0]
set timeout 2
spawn ssh  $arg1
expect "yes/no"  {
send "yes\n"
}
send "exit\n"
send "\r"          


You can include it in a bash script to iterate over all nodes doing this:

for i in `uniq hostfile` ; do
./say-yes.exp $i
done

Better than automatically saying "yes"

Remark: It turns out there is a more ellegant way to do this task: using a tool called ssh-keyscan.

Making a cascade of SSH connections easy

Here is a very convenient way to set up the access to any machine directly instead of doing a cascade of SSH calls. If you can not directly access e.g. the machine "heterogeneous", but you can log into "csserver" and then to "heterogeneous", you can put this into your .ssh/config file :

Host csserver
  User kdichev
  Hostname csserver.ucd.ie
Host heterogeneous
  User kiril
  Hostname heterogeneous.ucd.ie
  ProxyCommand ssh -qax csserver nc %h %p


Since the installation of a new PBS system, you can not directly log into a hclXX node. You can do

ssh heterogeneous instead and use "qsub" HCL_cluster#Access_and_Security

The best way is saying no "YES"

This trick avoids a confirmation message asking "yes" when asked by SSH if a host should be added to known_hosts:

   ssh -q -o StrictHostKeyChecking=no 

So with OpenMPI it can be used as

   mpirun --mca plm_rsh_agent "ssh -q -o StrictHostKeyChecking=no"

X11 forwarding

ssh -X hostname or add the following line to your .ssh/ssh_config file

ForwardX11 yes