Hi, I've always used 600 based on: https://help.ubuntu.com/community/SSH/OpenSSH/Keys#Troubleshooting, which states that other permissions may be too open for OpenSSH standards. IME, 600 works fine so I've stuck with that. Obviously, 640 and 644 can be successful, too.
Sincerely, Gunnar Innovation is a team sport - Michael Idechik, vice president of advanced technologies, General Electric From: Ellen Evans [mailto:[email protected]] Sent: Thursday, March 21, 2013 7:16 PM To: [email protected] Subject: Re: Passwordless login from master as well We currently recommend 640 for the file. Is there a reason 600 is better? E Sent from out and about. On Mar 21, 2013, at 5:41 PM, Yusaku Sako <[email protected]<mailto:[email protected]>> wrote: Thanks for the tip. Yep that would work as well. As Ravindranath mentioned, ssh-copy-id can help, too. We can definitely enhance the doc. Do you want to file a JIRA for that? Also, the doc should be modified to say authorized_keys should be 600 and write down the chmod commands explictly. I think chmod 700 ~/.ssh and chmod 600 ~/.ssh/authorized_keys should work (no need to lockdown the home directory) AFAIK (I may be wrong). Yusaku On Thu, Mar 21, 2013 at 3:10 PM, Tapper, Gunnar <[email protected]<mailto:[email protected]>> wrote: Hi, I have the same experience; that is, that section 5.2 in the installation guide doesn't address password-free ssh correctly. I find it easiest to set up the ~/.ssh/authorized_keys file on the server node first by copying ~/.ssh/id_dsa.pub values from the slave nodes into that file. Then, I simply use scp to copy ~/.ssh/authorized_keys to the agent nodes. Finally, I find that you have to do the following on each node: chmod 755 ~/.ssh chmod 600 ~/.ssh/authorized_keys cd ~/.ssh chmod 700 .. (that's two periods) Sincerely, Gunnar Innovation is a team sport - Michael Idechik, vice president of advanced technologies, General Electric From: Ravindranath Akila [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, March 21, 2013 2:52 PM To: [email protected]<mailto:[email protected]> Subject: Passwordless login from master as well Could you please update the documentation to include that Passwordless login is required from masters to slaves as well? Also include use of ssh-copy-id? Just thought of suggesting based on my experience with Ambari. Finally got the cluster running B-) -Ravindranath Akila
