[torqueusers] Re: hostbased ssh mini-howto
widyono at seas.upenn.edu
Thu Nov 3 13:58:21 MST 2005
One final addition (sorry for that). Upon further testing (hostbased is new
to us still), we discovered that entries are necessary for all users in
/etc/shadow on the compute node. They can (and probably ought) to be locked
(!! in the password field).
Another fine point: if you have "UseDNS no" in your server config, make sure
your entries in /etc/ssh/shosts.equiv are IP addresses, not hostnames.
Finally, for root to completely ignore the PBS authentication scheming we
have configured, you'll want to set up passphraseless keys just for root and
distributed the private and public keys, and authorized_keys file containing
said key, to all compute nodes and to the head node.
More information about the torqueusers