RSH w/o a password


Post by Patrick McDonnel » Sat, 05 Apr 2003 07:03:32



I'm attempting to build a beowulf cluster.  After reading various docs and
HOWTOs, I've decided that it would be best if the client nodes did a remote
boot off of the server node.  I downloaded LTSP (ltsp.org) and
it works fine (i.e. the clients boot fine).  The parallel libraries I am
using (MPI and LINDA, lindaspaces.com) require rsh access to
the clients without a password.  I can RSH to the clients using a password
at the present, but I can't quite do it without a pw.  I tried to RTFM on
hosts.equiv, but however I did it, it wasn't right.  Here's how the system
looks:

Server
------
hostname: fw
IP: 192.168.0.254

Clients
-------
hostname: node1         hostname: node2         hostname: node3         hostname: node4
IP: 192.168.0.1         IP: 192.168.0.2         IP: 192.168.0.3         IP: 192.168.0.4

/etc/hosts.equiv looks like this:
node1 *
node2 *
node3 *
node4 *

Any ideas?

 
 
 


Post by ynotsso » Sat, 05 Apr 2003 12:06:56



> The parallel libraries I am
> using (MPI and LINDA, lindaspaces.com) require rsh access to
> the clients without a password.  I can RSH to the clients using a password
> at the present, but I can't quite do it without a pw.  I tried to RTFM on
> hosts.equiv, but however I did it, it wasn't right.
[...]
> /etc/hosts.equiv looks like this:
> node1 *
> node2 *
> node3 *
> node4 *

> Any ideas?

It would be best if you convert to an ssh mode of access, but without
knowing more about your specific setup here's what you need to do.

~/.rhosts is required, and it must be chmod 600. rhosts(5) was indicated in
the hosts.equiv man page in the "SEE ALSO" section, and one shouldn't ignore
such things.

Also in your /etc/hosts.equiv, you should use a FQDN for some minimal
security. "*" is not a valid user, and I've never known any hosts.equiv
implementation in any *nix OS to support wild cards in that file. If you
want to allow all users, just list the FQDN.

        tony

--
use hotmail.com for any email replies
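
An added example, not part of the original posts: a small Python audit of the points made in the reply above (no `*` user, fully qualified host names, `~/.rhosts` not accessible by group or other). The function names, the `host [user]` field check and the `.cluster.example` host names are assumptions of this example; the `+` checks are included because `+` is the wildcard these files do honour, and netgroup entries are skipped.

```python
import os
import stat
import tempfile

def audit_trust_file(path, per_user=False):
    """Return findings for a hosts.equiv-style file (per_user=True for ~/.rhosts)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if per_user and mode & 0o077:
        findings.append("mode %03o: group/other bits set, expected 600" % mode)
    with open(path) as fh:
        for num, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            host, users = fields[0], fields[1:]
            name = host.lstrip("+-")          # strip allow/deny prefix
            if host == "+":
                findings.append("line %d: '+' trusts every host" % num)
            elif not name.startswith("@") and "." not in name:
                findings.append("line %d: host %r is not fully qualified" % (num, host))
            if len(users) > 1:
                findings.append("line %d: expected 'host [user]', got %d user fields"
                                % (num, len(users)))
            for user in users:
                if user == "*":
                    findings.append("line %d: '*' is not a valid user" % num)
                elif user == "+":
                    findings.append("line %d: '+' trusts every user on that host" % num)
    return findings

def write_sample(text, mode):
    """Write constructed sample content to a temp file with the given mode."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

# Constructed samples: the file as posted in the question, and a corrected
# form using made-up FQDNs under the reserved .example domain.
AS_POSTED = "node1 *\nnode2 *\nnode3 *\nnode4 *\n"
CORRECTED = "node1.cluster.example\nnode2.cluster.example\n"

if __name__ == "__main__":
    for label, text, mode in (("as posted", AS_POSTED, 0o644),
                              ("corrected", CORRECTED, 0o600)):
        path = write_sample(text, mode)
        print(label, audit_trust_file(path, per_user=True))
        os.remove(path)
```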


 
 
 


Post by Patrick McDonnel » Sat, 05 Apr 2003 21:30:23





>> The parallel libraries I am
>> using (MPI and LINDA, lindaspaces.com) require rsh access to
>> the clients without a password.  I can RSH to the clients using a
>> password
>> at the present, but I can't quite do it without a pw.  I tried to RTFM on
>> hosts.equiv, but however I did it, it wasn't right.
> [...]
>> /etc/hosts.equiv looks like this:
>> node1 *
>> node2 *
>> node3 *
>> node4 *

>> Any ideas?

> It would be best if you convert to an ssh mode of access, but without
> knowing more about your specific setup here's what you need to do.

They're trusted machines on a local network, but I would use SSH if I could.


> ~/.rhosts is required, and it must be chmod 600. rhosts(5) was indicated
> in the hosts.equiv man page in the "SEE ALSO" section, and one shouldn't
> ignore such things.

I was under the impression that .rhosts overrules any rules found in
/etc/hosts.equiv .


> Also in your /etc/hosts.equiv, you should use a FQDN for some minimal
> security. "*" is not a valid user, and I've never known any hosts.equiv
> implementation in any *nix OS to support wild cards in that file. If you
> want to allow all users, just list the FQDN.

So my /etc/hosts.equiv should look like:

node1 USER1 USER2 USER3...
.
.
.

?

Also, I'm confused as to whether this will allow the server to RSH to the
nodes without a password, or if only the nodes can RSH to the server
without a password.  Sorry if this is too much of a newbie question, but
the man pages didn't seem to help.


1. pam_ldap and password management and rsh/ssh without password

The System Administration Guide: Naming and Directory Services (DNS,
NIS, and LDAP) says that if you enable pam_ldap that rsh/ssh and
authentication that doesn't require a password will fail.  So it seems
my choices are to fall back to pam_unix_account which ignores the fact
that accounts may be expired (via ldap).  This doesn't make sense to
me.  (Why isn't there a pam_ldap_account ?)

I am not hiding expiry information from my proxy...why is this a
problem?

At any rate, I'm sure that there are people out there who are using
ldap for password management that have a working solution with
ldap/rsh/ssh and password aging.  What are people doing?
