Passwordless authentication in openpbs 20

Hi!
I am trying to install openPBS 20. I read documentation and I stuck in:
Installation & Upgrade Guide
Pre-Installation Steps
2.1.7.2 Linux User Authorization

  1. PBS may be configured to use the Secure Copy (scp) for file transfers. The administrator sets up SSH keys as
    described in “Enabling Passwordless Authentication” on page 553 in the PBS Professional Administrator’s Guide.
    See also “Setting File Transfer Mechanism” on page 547 in the PBS Professional Administrator’s Guide.

I need Passwordless Authentication to get output files from MOMs.
I go to:
PBS Professional 2020.1 Administrator’s Guide
14.6.7.1 Enabling Passwordless Authentication

You can use any authentication method you want, such as a shosts.equiv file, an authorized keys file, or .rhosts authentication. You can choose a cipher and use encryption; balance the CPU time required by encryption with the CPU time required by MoMs and job tasks.

Is there in documentation any explanation of above topics?
When I using PBSpro 14.2, I do it like in documentation in admin guide 14.2:
7.9.4.2 SSH/SCP
Is this correct also to version 20 of openPBS?
Or I should use MUNGE like said in :
PBS Professional 2020.1 Administrator’s Guide
8.4.4 Authentication via MUNGE
?

Yes thats correct

You do not have to, unless you want all communication to be secured.

Thank you

Thank You for Your reply.
Tell me please is MUNGE is replacement for host-based authentication or just new feature to communication be more secured ?

If I use MUNGE in my cluster I do not need to set host-based authentication or those two topics are not related?

Regards!

No, it not related to user-sshkey based or host-based authentication

Yes you are correct.
Please check this section 8.4.4 Authentication via MUNGE

Ref: GitHub - dun/munge: MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating user credentials.
MUNGE ( MUNGE Uid ‘N’ Gid Emporium ) is an authentication service for creating and validating user credentials. It is designed to be highly scalable for use in an HPC cluster environment. It provides a portable API for encoding the user’s identity into a tamper-proof credential that can be obtained by an untrusted client and forwarded by untrusted intermediaries within a security realm. Clients within this realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.

  • Two topics are not related
  • host-based passwordless-ssh or userkey-based passwordless-ssh are required
  • Snippet from the PBS Pro Admin guide:
    You can use the MUNGE authentication daemon to create and validate credentials within a PBS complex. Using MUNGE, the hosts in the PBS complex form a security realm and share a cryptographic key. PBS processes can use MUNGE to authenticate the UID and GID of other processes on hosts in a PBS complex. The client machines in the complex can create and validate credentials without using root privilege, reserved ports, or methods requiring a specific platform.
    PBS Professional uses the MUNGE authentication service to authenticate the UID and GID of PBS processes, and to create and validate credentials. Once MUNGE is integrated, communication for PBS commands and daemons is validated via MUNGE. All PBS daemons are authenticated via MUNGE when they try to connect to pbs_comm.