Hi!
I am trying to install openPBS 20. I read the documentation and I am stuck at:
Installation & Upgrade Guide
Pre-Installation Steps
2.1.7.2 Linux User Authorization
PBS may be configured to use the Secure Copy (scp) for file transfers. The administrator sets up SSH keys as
described in “Enabling Passwordless Authentication” on page 553 in the PBS Professional Administrator’s Guide.
See also “Setting File Transfer Mechanism” on page 547 in the PBS Professional Administrator’s Guide.
I need Passwordless Authentication to get output files from MOMs.
I go to:
PBS Professional 2020.1 Administrator’s Guide
14.6.7.1 Enabling Passwordless Authentication
You can use any authentication method you want, such as a shosts.equiv file, an authorized keys file, or .rhosts authentication. You can choose a cipher and use encryption; balance the CPU time required by encryption with the CPU time required by MoMs and job tasks.
Is there any explanation of the above topics in the documentation?
When I was using PBSpro 14.2, I did it as described in the admin guide 14.2:
7.9.4.2 SSH/SCP
Is this also correct for version 20 of openPBS?
Or should I use MUNGE, as described in:
PBS Professional 2020.1 Administrator’s Guide
8.4.4 Authentication via MUNGE?
Ref: GitHub - dun/munge
MUNGE (MUNGE Uid ‘N’ Gid Emporium) is an authentication service for creating and validating user credentials. It is designed to be highly scalable for use in an HPC cluster environment. It provides a portable API for encoding the user’s identity into a tamper-proof credential that can be obtained by an untrusted client and forwarded by untrusted intermediaries within a security realm. Clients within this realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.
The two topics are not related.
Host-based passwordless-ssh or userkey-based passwordless-ssh is required.
Snippet from the PBS Pro Admin guide:
You can use the MUNGE authentication daemon to create and validate credentials within a PBS complex. Using MUNGE, the hosts in the PBS complex form a security realm and share a cryptographic key. PBS processes can use MUNGE to authenticate the UID and GID of other processes on hosts in a PBS complex. The client machines in the complex can create and validate credentials without using root privilege, reserved ports, or methods requiring a specific platform.
PBS Professional uses the MUNGE authentication service to authenticate the UID and GID of PBS processes, and to create and validate credentials. Once MUNGE is integrated, communication for PBS commands and daemons is validated via MUNGE. All PBS daemons are authenticated via MUNGE when they try to connect to pbs_comm.
Create the file /etc/ssh/shosts.equiv, which includes the FQDN names of all hosts.
Create or edit the file /etc/ssh/ssh_known_hosts2, which looks, for example, like this line:
h1,host1,host1.domain.com,host_IP ssh-ed25519 AAAAAkjdfkjf…
After the IP comes the type of the public key algorithm, and next is the host public key for that algorithm.
To quickly create the ssh_known_hosts2 file, you can use the ssh-keyscan command:
ssh-keyscan -t ed25519 -f ssh_hosts >> ssh_known_hosts2
Then copy it to /etc/ssh/.
Here I use an ssh_hosts file which includes the names of all hosts; it is in the reverse format to the /etc/hosts file, e.g.:
h1,host1,host1.domain.com,host_IP
6. Next you need to restart the sshd service: sudo systemctl restart sshd.
From now on, you should be able to connect via ssh to any host in your complex without entering a password.
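
A consistency check for the two files this procedure creates, as an added example that is not part of the original post: it reports hosts listed in shosts.equiv that have no ssh-ed25519 line in ssh_known_hosts2, and names that appear with two different keys (which can happen when ssh-keyscan output is appended with `>>` more than once). The function name audit_hostbased, the example.com host names and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample file contents below are constructed, not real keys.
# Hashed known-hosts entries (|1|...) are not handled by this check.

audit_hostbased() {   # $1 = shosts.equiv, $2 = ssh_known_hosts2
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comments
        FILENAME == ARGV[1] {                         # pass 1: known-hosts file
            if ($2 != "ssh-ed25519") next             # only the key type scanned above
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                if ((names[i] in key) && key[names[i]] != $3) {
                    print "CONFLICT " names[i]; bad = 1
                }
                key[names[i]] = $3
            }
            next
        }
        !($1 in key) { print "MISSING " $1; bad = 1 } # pass 2: shosts.equiv
        END { exit (bad ? 1 : 0) }
    ' "$2" "$1"
}

# Constructed sample: host3 was never scanned, host2 has a stale second key.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/shosts.equiv" <<'EOF'
host1.example.com
host2.example.com
host3.example.com
EOF
cat > "$d/ssh_known_hosts2" <<'EOF'
h1,host1,host1.example.com,192.0.2.11 ssh-ed25519 CONSTRUCTED_KEY_A
h2,host2,host2.example.com,192.0.2.12 ssh-ed25519 CONSTRUCTED_KEY_B
host2.example.com ssh-ed25519 CONSTRUCTED_KEY_C
EOF
audit_hostbased "$d/shosts.equiv" "$d/ssh_known_hosts2" ||
    echo "resolve the entries above before relying on host-based login"
```

Keys collected with ssh-keyscan are accepted as seen on the network at scan time, so a CONFLICT line is a prompt to compare the key against the host's own /etc/ssh/ssh_host_ed25519_key.pub before keeping either entry.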