NAME¶

ethsetupssh

Creates SSH keys and configures them on all hosts so the system can use SSH and SCP into all other hosts without a password prompt. Typically, during cluster setup this tool enables the root user on the Management Node to log into the other hosts (as root) using password-less SSH.

Syntax¶

ethsetupssh [-p|U] [-f hostfile] [-h 'hosts'] [-u user] [-S] [-R|P]

Options¶

--help

Produces full help text.

-p

Performs operation against all hosts in parallel.

-U

Performs connect only (to enter in local hosts, known hosts). When run in this mode, the -S option is ignored.

-f hostfile

Specifies the file with hosts in cluster.
Default is /etc/eth-tools/hosts file.

-h hosts

Specifies the list of hosts to set up.

-u user

Specifies the user on remote system to allow this user to SSH to. Default is current user code for host(s).

-S

Securely prompts for password for user on remote system.

-R

Skips setup of SSH to local host.

-P

Skips ping of host (for SSH to devices on Internet with ping
firewalled).

Examples¶

ethsetupssh -S

ethsetupssh -U

ethsetupssh -h 'arwen elrond' -U

HOSTS='arwen elrond' ethsetupssh -U

Environment Variables¶

The following environment variables are also used by this command:

HOSTS_FILE

File containing list of hosts, used in absence of -f and -h.

HOSTS

List of hosts, used if -h option not supplied.

FF_MAX_PARALLEL

When -p option is used, maximum concurrent operations.

Description¶

ethsetupssh provides an easy way to create SSH keys and distribute them to the hosts in the cluster. Many of the FastFabric tools (as well as many versions of MPI) require that SSH is set up for password-less operation. Therefore, ethsetupssh is an important setup step.

This tool also sets up SSH to the local host. This capability is required by selected FastFabric Toolset commands and may be used by some applications (such as MPI).

ethsetupssh has two modes of operation. The mode is selected by the presence or absence of the -U option. Typically, ethsetupssh is first run without the -U option, then it may later be run with the -U option.

Host Initial Key Exchange¶

When run without the -U option, ethsetupssh performs the initial key exchange and enables password-less SSH and SCP. The preferred way to use ethsetupssh for initial key exchange is with the -S option. This requires that all hosts are configured with the same password for the specified "user" (typically root). In this mode, the password is prompted for once and then SSH and SCP are used in conjunction with that password to complete the setup for the hosts. This mode also avoids the need to set up rsh/rcp/rlogin (which can be a security risk).

Refreshing Local Systems Known Hosts¶

If aspects of the host have changed, such as IP addresses, MAC addresses, software installation, or server OS reinstallation, you can refresh the local host's SSH known_hosts file by running ethsetupssh with the -U option. This option does not transfer the keys, but instead connects to each host to refresh the SSH keys. Existing entries for the specified hosts are replaced within the local known_hosts file. When run in this mode, the -S option is ignored. This mode assumes SSH has previously been set up for the hosts; therefore, no files are transferred to the specified hosts and no passwords should be required.