Re: [gentoo-cluster] RSH/SSH? (Solution) - gentoo-cluster

From:	Brady Catherman <bradyc@××××××.edu>
To:	gentoo-cluster@l.g.o
Subject:	Re: [gentoo-cluster] RSH/SSH? (Solution)
Date:	Wed, 16 Nov 2005 07:18:32
Message-Id:	`8154EAB4-584C-4099-B004-B7DE351575C9@uidaho.edu`
In Reply to:	Re: [gentoo-cluster] RSH/SSH? by Eric Thibodeau

1

Awesome find Eric!  I didn't even notice that before. I still have a  

2

bunch of stuff that I need to pin down but everything appears to be  

3

completely built. SGE needs tested and such. Hopefully tomorrow. (I  

4

still don't know why PDSH isn't in the stinking portage tree! Its the  

5

coolest program for clusters ever and its not there!)

6

7

Anyways, to the point. I got RSH working. Jury is still out on SSH  

8

but our users already have shared keys so that is a patch job  

9

solution for the time being.

10

11

First thing about getting RSH working is to not listen to anybody on  

12

the net. Everybody wants to tell you the wrong way to do it =)

13

14

Start by adding "only_from += 192.168.0.0/16" in /etc/xinetd.conf  

15

after the other only_from line.

16

Then change "disable = yes" to "disable = no" in /etc/xinetd.d/ 

17

{rsh,rexec,rlogin}.

18

19

Change the following files: /etc/pam.d/rsh

20

#%PAM-1.0

21

# For root login to succeed here with pam_securetty, "rsh" must be

22

# listed in /etc/securetty.

23

auth       required     pam_nologin.so

24

auth       required     pam_securetty.so

25

auth       optional     pam_env.so

26

27

# Uncomment this and comment the following to use rhosts_auth module

28

auth       required     pam_rhosts_auth.so

29

#auth       include     system-auth

30

31

account    include      system-auth

32

session    include      system-auth

33

34

/etc/pam.d/rlogin:

35

#%PAM-1.0

36

# For root login to succeed here with pam_securetty, "rlogin" must be

37

# listed in /etc/securetty.

38

auth       required             pam_nologin.so

39

auth       required             pam_securetty.so

40

auth       required     pam_env.so

41

auth       sufficient   pam_rhosts_auth.so

42

auth       include              system-auth

43

account    include              system-auth

44

password   include              system-auth

45

session    include              system-auth

46

47

/etc/pam.d/rexec

48

#%PAM-1.0

49

# For root login to succeed here with pam_securetty, "rexec" must be

50

# listed in /etc/securetty.

51

auth       required     pam_nologin.so

52

auth       required     pam_securetty.so

53

auth       optional     pam_env.so

54

auth       required     pam_rhosts_auth.so

55

auth       include      system-auth

56

account    include      system-auth

57

session    include      system-auth

Now edit /etc/hosts.equiv and add the hosts you want people to  

62

connect from. I had to add ip addresses here for some reason. Once  

63

you have that setup you can copy that file to /root/.rhosts

64

65

Now you just need to add rsh, rlogin, and rexec to /etc/securetty  

66

(all on there own lines) and you should be set.

On Nov 14, 2005, at 8:46 PM, Eric Thibodeau wrote:

75

76

> Brady, I just happened to have to look into the lam-mpi ebuild and

77

> here is something you might find interesting:

78

>

79

>

80

> if use crypt; then

81

>

82

> myconf="${myconf} --with-rsh=ssh"

83

>

84

> else

85

>

86

> myconf="${myconf} --with-rsh=rsh"

87

>

88

> fi

89

>

90

>

91

> This is from lam-mpi-7.1.1-r3.ebuild .. so you'll have to decide

92

> wether you want crypt (ssh) or not (rsh)....that might have been

93

> the root cause of some of your headaches.

94

>

95

>

96

> Le 13 Novembre 2005 07:37, Brady Catherman a écrit :

97

>

98

> > Has anybody been been able to get RSH and SSH working password less?

99

>

100

> > We are trying to convert our cluster to Gentoo but can't get

101

> password

102

>

103

> > less authentication working at all. We used our normal RedHat

104

>

105

> > oriented methods but hat just mad things ten times worse.

106

>

107

> >

108

>

109

> > So, if you have a web page that actually CLEARLY documents a WORKING

110

>

111

> > method please let me know =)

112

>

113

> >

114

>

115

> > Thanks for an help you are able to offer.

116

>

117

>

118

> --

119

>

120

> Eric Thibodeau

121

>

122

> Neural Bucket Solutions Inc.

123

>

124

> T. (514) 736-1436

125

>

126

> C. (514) 710-0517

127

>

128

129

130

--

131

gentoo-cluster@g.o mailing list

Gentoo Archives: gentoo-cluster

Replies

1	Awesome find Eric! I didn't even notice that before. I still have a
2	bunch of stuff that I need to pin down but everything appears to be
3	completely built. SGE needs tested and such. Hopefully tomorrow. (I
4	still don't know why PDSH isn't in the stinking portage tree! Its the
5	coolest program for clusters ever and its not there!)
6
7	Anyways, to the point. I got RSH working. Jury is still out on SSH
8	but our users already have shared keys so that is a patch job
9	solution for the time being.
10
11	First thing about getting RSH working is to not listen to anybody on
12	the net. Everybody wants to tell you the wrong way to do it =)
13
14	Start by adding "only_from += 192.168.0.0/16" in /etc/xinetd.conf
15	after the other only_from line.
16	Then change "disable = yes" to "disable = no" in /etc/xinetd.d/
17	{rsh,rexec,rlogin}.
18
19	Change the following files: /etc/pam.d/rsh
20	#%PAM-1.0
21	# For root login to succeed here with pam_securetty, "rsh" must be
22	# listed in /etc/securetty.
23	auth required pam_nologin.so
24	auth required pam_securetty.so
25	auth optional pam_env.so
26
27	# Uncomment this and comment the following to use rhosts_auth module
28	auth required pam_rhosts_auth.so
29	#auth include system-auth
30
31	account include system-auth
32	session include system-auth
33
34	/etc/pam.d/rlogin:
35	#%PAM-1.0
36	# For root login to succeed here with pam_securetty, "rlogin" must be
37	# listed in /etc/securetty.
38	auth required pam_nologin.so
39	auth required pam_securetty.so
40	auth required pam_env.so
41	auth sufficient pam_rhosts_auth.so
42	auth include system-auth
43	account include system-auth
44	password include system-auth
45	session include system-auth
46
47	/etc/pam.d/rexec
48	#%PAM-1.0
49	# For root login to succeed here with pam_securetty, "rexec" must be
50	# listed in /etc/securetty.
51	auth required pam_nologin.so
52	auth required pam_securetty.so
53	auth optional pam_env.so
54	auth required pam_rhosts_auth.so
55	auth include system-auth
56	account include system-auth
57	session include system-auth
58
59
60
61	Now edit /etc/hosts.equiv and add the hosts you want people to
62	connect from. I had to add ip addresses here for some reason. Once
63	you have that setup you can copy that file to /root/.rhosts
64
65	Now you just need to add rsh, rlogin, and rexec to /etc/securetty
66	(all on there own lines) and you should be set.
67
68
69
70
71
72
73
74	On Nov 14, 2005, at 8:46 PM, Eric Thibodeau wrote:
75
76	> Brady, I just happened to have to look into the lam-mpi ebuild and
77	> here is something you might find interesting:
78	>
79	>
80	> if use crypt; then
81	>
82	> myconf="${myconf} --with-rsh=ssh"
83	>
84	> else
85	>
86	> myconf="${myconf} --with-rsh=rsh"
87	>
88	> fi
89	>
90	>
91	> This is from lam-mpi-7.1.1-r3.ebuild .. so you'll have to decide
92	> wether you want crypt (ssh) or not (rsh)....that might have been
93	> the root cause of some of your headaches.
94	>
95	>
96	> Le 13 Novembre 2005 07:37, Brady Catherman a écrit :
97	>
98	> > Has anybody been been able to get RSH and SSH working password less?
99	>
100	> > We are trying to convert our cluster to Gentoo but can't get
101	> password
102	>
103	> > less authentication working at all. We used our normal RedHat
104	>
105	> > oriented methods but hat just mad things ten times worse.
106	>
107	> >
108	>
109	> > So, if you have a web page that actually CLEARLY documents a WORKING
110	>
111	> > method please let me know =)
112	>
113	> >
114	>
115	> > Thanks for an help you are able to offer.
116	>
117	>
118	> --
119	>
120	> Eric Thibodeau
121	>
122	> Neural Bucket Solutions Inc.
123	>
124	> T. (514) 736-1436
125	>
126	> C. (514) 710-0517
127	>
128
129
130	--
131	gentoo-cluster@g.o mailing list