Awesome find Eric! I didn't even notice that before. I still have a
bunch of stuff that I need to pin down but everything appears to be
completely built. SGE needs tested and such. Hopefully tomorrow. (I
still don't know why PDSH isn't in the stinking portage tree! Its the
coolest program for clusters ever and its not there!)
Anyways, to the point. I got RSH working. Jury is still out on SSH
but our users already have shared keys so that is a patch job
solution for the time being.
First thing about getting RSH working is to not listen to anybody on
the net. Everybody wants to tell you the wrong way to do it =)
Start by adding "only_from += 192.168.0.0/16" in /etc/xinetd.conf
after the other only_from line.
Then change "disable = yes" to "disable = no" in /etc/xinetd.d/
{rsh,rexec,rlogin}.
Change the following files: /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth optional pam_env.so
# Uncomment this and comment the following to use rhosts_auth module
auth required pam_rhosts_auth.so
#auth include system-auth
account include system-auth
session include system-auth
/etc/pam.d/rlogin:
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_rhosts_auth.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
/etc/pam.d/rexec
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rexec" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth optional pam_env.so
auth required pam_rhosts_auth.so
auth include system-auth
account include system-auth
session include system-auth
Now edit /etc/hosts.equiv and add the hosts you want people to
connect from. I had to add ip addresses here for some reason. Once
you have that setup you can copy that file to /root/.rhosts
Now you just need to add rsh, rlogin, and rexec to /etc/securetty
(all on there own lines) and you should be set.
On Nov 14, 2005, at 8:46 PM, Eric Thibodeau wrote:
Brady, I just happened to have to look into the lam-mpi ebuild and
here is something you might find interesting:
if use crypt; then
myconf="${myconf} --with-rsh=ssh"
else
myconf="${myconf} --with-rsh=rsh"
fi
This is from lam-mpi-7.1.1-r3.ebuild .. so you'll have to decide
wether you want crypt (ssh) or not (rsh)....that might have been
the root cause of some of your headaches.
Le 13 Novembre 2005 07:37, Brady Catherman a écrit :
> Has anybody been been able to get RSH and SSH working password less?
> We are trying to convert our cluster to Gentoo but can't get
password
> less authentication working at all. We used our normal RedHat
> oriented methods but hat just mad things ten times worse.
>
> So, if you have a web page that actually CLEARLY documents a WORKING
> method please let me know =)
>
> Thanks for an help you are able to offer.
--
Eric Thibodeau
Neural Bucket Solutions Inc.
T. (514) 736-1436
C. (514) 710-0517
--
[email protected] mailing list
