Configuring with ssh

The normal process startup mechanism for the ch_p4 device on networks is rsh. Use of rsh requires that certain permission be set up on the participating machines. On some networks it is undesirable to set permissions that way. The simplest alternative to the use of rsh is ssh (the secure shell). It can be used for secure distributed computing. It requires some setup, described here, but then usage is quite simple.

The exact set of instructions depend, unfortunately, on exactly which version of ssh you have installed.

Original SSH (version 1)

Here is a set of steps that need to be done before version one of ssh will work properly with mpich. The changes for version two of ssh follow.

1. Make sure ssh is installed on your network (which ssh). If it isn't, you can get ssh from http://www.ssh.fi/sshprotocols2/index.html.
2. Create your authentication key.


    ssh-keygen 

This will generate a private/public key pair. The private key will be saved in


    ~/.ssh/identity 

and the public key will be saved in


    ~/.ssh/identity.pub 


3. Authorize Access. Place your public key in your /.ssh/authorized_keys file. All keys listed in that file are allowed access.


    cp  /.ssh/identity.pub  /.ssh/authorized_keys 

If the machine you are connecting to does not share a common file system, then /.ssh/identity.pub should be copied over to the /.ssh/authorized_keys file of the machine you will be connecting to. ssh will insist that authorized_keys have its permissions set so that it is not group writable, so do


    chmod go-rwx  /.ssh/authorized_keys 

This step avoids the need to enter your password each time you want to run a secure shell command.
4. In order to avoid typing in your pass phrase each time ssh is invoked, an ssh-agent needs to be created and your pass phrase added.


    ssh-agent $SHELL 
    ssh-add 


5. Configure with -rsh=ssh, so that the ch_p4 device will use ssh instead of rsh:


    configure -rsh=ssh 

Make sure that the hosts listed in your util/machines/machine.xxxx are also listed in the /etc/ssh_known_hosts file on your network or your /.ssh/known_hosts file in your home directory.

It is important that /tmp has permissions set to 03777, with root as owner and group 0.

openssh has a -v flag which is very useful for tracking down handshaking problems.

SSH Version 2.

Follow the instructions for Original SSH with the following changes:

1. Give the option -t dsa or -t rsa to ssh-keygen. Otherwise, an rsa1 key is generated that cannot be used by ssh2.
2. Instead of the files identity.*, ssh-keygen creates files with names id_dsa and id_dsa.pub (for dsa key types).
3. Copy the file id_dsa.pub to authorized_keys2 rather than to authorized_keys.