ssh with shared mount point

devjxh · November 28, 2007, 11:39am

I have 3 nodes and I want to set up ssh between them. Normnally I am fine with that but I am a bit stumped because for the Oracle user we have a shared mountpoint (/home/oracle) across all 3 nodes

I create my rsa and dsa files in ~/.shh as node1_id_rsa / node1_id_dsa (for each of the 3 modes) and then I cat each of the .pub files (both rsa and dsa) into the authorised_keys file.

ssh still requires a password. The concept of the shared home area is confusing me a bit

Can anybody else please

porter · November 28, 2007, 12:23pm

Shouldn't you be appending the certificate to $HOME/.ssh/authorized_keys?

Is the home directory shared between all 3 nodes, hence there is only one .ssh directory that is also shared?

If so then this user can only have one default certificate identifying the user.

devjxh · November 29, 2007, 3:40am

Porter, thanks for the response

I am appending the files to $HOME/.ssh/authorized_keys.

There is only one .ssh directory. However if I run the ssh-keygen routine on node1 it creates .pub files with node1 in the line. Therefore if I try and connect from/to node 2 then it requires a password.

Bear with me, I know I am not explaining myself very well

devjxh · November 30, 2007, 6:29am

I have solved my problem
I needed to ssh-keygen -t rsa and ssh-keygen -t dsa to separate files for each node

Then cat each node_id_rsa file into a clean file id_rsa and repeat for the node_id_dsa files into id_dsa.

Then copy the relevant node_id_rsa.pub files and node_id_dsa.pub files into authorised_keys.

Finally chmod 600 on the id_rsa and id_dsa files

porter · November 30, 2007, 7:54am

I have a number of machines where I put exactly the same "identity" and "identity.pub" in my $HOME/.ssh directories because I am the same user.

This allows me to ssh and scp directly to any machine without having to use a password.

And you would only need one entry in the authorized_keys, eg the same as identity.pub.

known_hosts would accumulate the different machines you talk to of course.

I use this to distribute my keys....

#!/bin/sh -x

ME=`whoami`

for d in $@
do
        ssh <identity.pub $ME@$d cat \>\>.ssh/authorized_keys
        if test "$?" = "0"
        then
                if ssh </dev/null $ME@$d chmod 600 .ssh/authorized_keys
                then
                        ssh <identity $ME@$d dd of=.ssh/identity
                        ssh <identity.pub $ME@$d dd of=.ssh/identity.pub
                        ssh </dev/null $ME@$d chmod 600 .ssh/identity .ssh/identity.pub
                        ssh $ME@$d ls -l .ssh
                fi
        fi
done