Hi everybody, I forgetted to say that the /home directory is the same for all nodes. I means that the ~/.ssh directory is also the same...
Should copy all the keys (in fact all the /etc/ssh directory) on all nodes? Or is it possible to specify the pub keys (and also an authorized_keys) somwhere in /etc/ssh so that resources are shared for all users of the cluster? Thanks very much for your help... Fabrice > I've got problems with the new version of ssh and sshd. > > > My cluster originally installed on potato 2.2r6 needed some upgrade of > > ssh. I installed ssh version 3.4p1. > > This changes a lot of things. You must create new keys with the ssh-keygen > command, using the option -t option to select the type of key. The old one > used rsa1, the new one will use rsa (new format) by default, and dsa. Just > create/recreate all 3 keys on you account and for root. The host keys have > already been created when you installed the package. > > > Because the host keys had changed, I proceeded like this: > > rm ~/.ssh/known_hosts > > ssh node1 > > ... > > ssh node N > > cp ~/.ssh/known_hosts /etc/ssh/ssh_known_hosts > > The relevant file here is authorized_keys, not known_hosts. You must put > the new rsa public keys of all hosts in it. Do not use the usual command > ssh-copy-id, it will give an error (agent has no identities), or put the > old rsa1 key instead of the rsa key which is looked up by default, so it > will not work. Just edit the file directly. If you have hosts with both > versions of SSH mixed up in the same network, then you must include the > new or the old key as the case may be. > > > Protocol 2 > > Note thay this forces protocol 2 and may lock out hosts with old versions > os SSH if there are still any in this network. > > > #Privilege Separation is turned on for security > > UsePrivilegeSeparation yes > > I thing you better turn this off... > Cheers, > > ---------------------------------------------------------------- > Jorge L. deLyra, Associate Professor of Physics > The University of Sao Paulo, IFUSP-DFMA > For more information: finger [EMAIL PROTECTED] > ---------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
