Check this thread here on LQ for the use of hosts.allow and/or hosts.deny. In regards to your question about not using a password, set up key authentication for the users, it takes some work to create and 'activate' the keys but once it's done you're set to go. This site explains it pretty well for Debian based systems but should be applicable (with or without modification depending on your distro) to other systems.
I read them. Currently I am doing the same thing as http://www.debian-administration.org...ad_of_password says.
On the client I create a public key and copy that to the server. Then I can ssh without a password to the server from the client.
However, if there are 10 clients and one server, for each user I have to do the task 10 times, which is tedious. A more automated (script-like) method is needed.
The detailed explanation of my question is:
Suppose the server has IP address 192.168.1.1 with subnet 255.255.255.0 and the 10 workstations (computing nodes) are in the same subnet. Now I want to configure the ssh server in such a way that all machines in 192.168.1.X can ssh to each other without any password for all users who have an account on the server.
@Reuti: nice one, never tried it before but will sure put it to use with your tutorial.
@OP: Are you saying that all nodes will do SSH between each other AND to the server? Aside from that, you refer to users having an account on the server, do you mean they need to authenticate to the server before being able to SSH to another node? Either way, using SSH keys on a user base or on a host base as pointed out by Reuti will take some 'work' you have to put in it. Of course you can automate a lot by scripting but for a task that simple you'd probably put in more time in the script than in the actual configuration I think.
On the client (note that I used chroot from server to client while logging in the server):
Code:
root@server:/# cat /etc/hosts.equiv
server
root@server:/# cat /etc/ssh/shosts.equiv
server
root@server:/# cat etc/ssh/sshd_config | grep "yes"
UsePrivilegeSeparation yes
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication yes
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
# Change to yes to enable challenge-response passwords (beware issues with
#PasswordAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#GSSAPICleanupCredentials yes
X11Forwarding yes
PrintLastLog yes
TCPKeepAlive yes
# Set this to 'yes' to enable PAM authentication, account processing,
UsePAM yes
root@server:/# cat etc/ssh/ssh_config | grep "yes"
# ForwardX11Trusted yes
# RSAAuthentication yes
# PasswordAuthentication yes
# CheckHostIP yes
HashKnownHosts yes
GSSAPIAuthentication yes
root@server:/# cat etc/ssh/ssh_known_hosts
server,192.168.1.1
After that I restart ssh on server:
Code:
root@server:~# /etc/init.d/ssh restart
* Restarting OpenBSD Secure Shell server sshd [ OK ]
root@server:~#
And then reboot the client (since it boots using PXE).
Is that all? After that here is what I get:
Code:
mahmood@server:~$ ssh client
get_socket_address: getnameinfo 8 failed: Name or service not known
get_socket_address: getnameinfo 8 failed: Name or service not known
cannot get sockname for fd
ssh_keysign: no reply
key_sign failed
mahmood@client's password:
On my previous cluster I did the same. But I cannot remember if I made any additional steps.
At first glance that seems to be all yes, except that you need to run the ssh-keysign command in my opinion. That should generate the key you need to include in your /etc/ssh/ssh_known_hosts file if I'm not mistaken. I've never set up host based authentication so walking a bit in the dark here. If you concluded that you need to test and see if you can log in to the other server without providing credentials.
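An added example, not part of any post in this thread: a Python check of the settings OpenSSH host-based authentication needs on the connecting host and on the accepting host, run over the values posted above. It assumes the login goes from `server` to `client` as in the failed attempt; the function names and the placeholder key are constructed for illustration, and `Host`/`Match` blocks are not handled.

```python
import re

def directives(text):
    """Uncommented 'Keyword value' pairs, keyword lower-cased; first occurrence wins."""
    found = {}
    for line in text.splitlines():
        parts = re.split(r"[\s=]+", line.strip(), maxsplit=1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            found.setdefault(parts[0].lower(), parts[1].strip().lower())
    return found

def check_connecting_side(ssh_config):
    """Options ssh(1) needs on the host that initiates the login."""
    d = directives(ssh_config)
    return [f"ssh_config: {opt} is not 'yes'"
            for opt in ("HostbasedAuthentication", "EnableSSHKeysign")
            if d.get(opt.lower()) != "yes"]

def check_accepting_side(sshd_config, shosts_equiv, known_hosts, peers):
    """Settings sshd(8) needs on the host that accepts the login."""
    findings = []
    if directives(sshd_config).get("hostbasedauthentication") != "yes":
        findings.append("sshd_config: HostbasedAuthentication is not 'yes'")
    # Simplification: first field of each line, exact-name match only.
    trusted = {ln.split()[0] for ln in shosts_equiv.splitlines() if ln.split()}
    keyed = set()
    for ln in known_hosts.splitlines():
        fields = ln.split()
        if not fields or fields[0].startswith("#"):
            continue
        # A usable entry is: hostnames, key type, base64 key [, comment].
        if len(fields) < 3:
            findings.append(f"ssh_known_hosts: '{ln.strip()}' has no key type and key")
            continue
        keyed.update(fields[0].split(","))
    for peer in peers:
        if peer not in trusted:
            findings.append(f"shosts.equiv: {peer} is not listed")
        if peer not in keyed:
            findings.append(f"ssh_known_hosts: no host key for {peer}")
    return findings

# Uncommented values as posted in the thread.
POSTED_SSH_CONFIG = "HashKnownHosts yes\nGSSAPIAuthentication yes\n"
POSTED_SSHD_CONFIG = "IgnoreRhosts yes\nHostbasedAuthentication yes\n"
POSTED_SHOSTS_EQUIV = "server\n"
POSTED_KNOWN_HOSTS = "server,192.168.1.1\n"
# Constructed: a complete entry and client options; the key is a placeholder.
FIXED_KNOWN_HOSTS = "server,192.168.1.1 ssh-rsa AAAAB3PLACEHOLDERKEY\n"
FIXED_SSH_CONFIG = "HostbasedAuthentication yes\nEnableSSHKeysign yes\n"
print(check_connecting_side(POSTED_SSH_CONFIG))
```

Every host listed in shosts.equiv is trusted to assert which user is logging in, so the list should name only machines whose root account is controlled as tightly as the accepting host's.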