To enable the login without password, the rsa public key should be copied to /root/.ssh/authorized_keys in the compute node. Could you check whether the key has been added in to
Thanks
Best Regards
----------------------------------------------------------------------
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: [email protected]
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193
/root/.ssh/authorized_keys?
Thanks
Best Regards
----------------------------------------------------------------------
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: [email protected]
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193
----- Original message -----
From: Josh Nielsen <[email protected]>
To: xCAT Users Mailing list <[email protected]>
Cc:
Subject: Re: [xcat-user] Updatenode -k won't create id_rsa key without prompting for password
Date: Tue, Mar 8, 2016 5:26 AM
Also if remoteshell is invoked directly as a postscript ('updatenode node0086c -V -P remoteshell') it produces the same result, but does not prompt for a password (like invoking xdsh -K directly doesn't), and copies everything over except id_rsa. So actually the prompting for a password is specific to updatenode -k, not xdsh -K or the remoteshell postscript (which run that). So I'm not sure if that is relevant to the underlying problem or not, but if I do invoke updatenode -k and supply it the password it copies the id_rsa to the node.On Mon, Mar 7, 2016 at 2:12 PM, Josh Nielsen <[email protected]> wrote:Hello,
When we freshly deploy a node from the kickstart and run our postscripts we noticed that for some reason the /root/.ssh/id_rsa file which allows passwordless login from that node to other nodes is missing, though this was not the case just a few months ago. When I try to generate the key manually it prompts for a password, after which it will copy/create that file successfully (see below), but there are a few odd things connected to this.
The error is:
updatenode node0087c -kEnter the password for the userid: root on the node where the ssh keys will be updated:
The first oddity is that even after supplying the password once for a particular node it will prompt for the password every time if I run it again, as well as the related problem that this never used to happen before and the key used to be created without issue or prompting for a password. The 'passwd' xCAT table has the password for root (if that is where it looks for this command).
Secondly I have done several manual debugging steps (and poking around source code to see what is happening) and I have run the actual xdsh command that is called, shown from the -V verbose output (which it prints two of, the first apparently to prep the SNs and run the 'remoteshell' postscript on them, and the second to actually do the same to the node specified).
xdsh sn1,sn2 --nodestatus -s -v -e /install/postscripts/xcatdsklspost 5 -m [MN_IP] 'remoteshell,servicenode' --tftp /tftpboot --installdir /install --nfsv4 no -c -V
xdsh node0086c --nodestatus -s -v -e /install/postscripts/xcatdsklspost 5 -m [SN1_IP] 'remoteshell' --tftp /tftpboot --installdir /install --nfsv4 no -c -V
This did not reveal anything useful, except that when invoked directly like this no password is prompted for and it runs, but still leaves out the id_rsa file. I followed also the suggestion by Wang Xaiopeng in this thread (http://tinyurl.com/jz2jzmb) to test the getcredentials call with:1. Enable mini server
/xcatpost/allowcred.awk &2.Try to get rsa hostkey
USEOPENSSLFORXCAT=yes XCATSERVER=<MNIP>:3001 /xcatpost/getcredentials.awk ssh_rsa_hostkeyThis returned ssh_rsa_hostkey sucessfully. When remoteshell is run (whether with updatenode -k or xdsh -K) it actually does copy over the key files into /etc/ssh/ and it copies known_hosts, copy.sh, and authorized_keys into /root/.ssh on the compute node but omits id_rsa. What could be going wrong here?
Regards,
Josh Nielsen
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://makebettercode.com/inteldaal-eval
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
