Thursday, June 26, 2008

IB Fabric: Establishing Pre-Placed SSH Keys So That All Nodes Trust Each Other


Assumptions: /etc/sysconfig/iba/hosts file reflects the compute node (CN) set.

1) Ensure that root SSH key pairs have been generated on all nodes. If not, generate the root SSH key pair using "ssh-keygen -t rsa" on all nodes.

2) Establish SSH trust between the management node (MN) and an individual CN by appending the MN root user's public SSH key (~/.ssh/id_rsa.pub) onto the CN root user's SSH authorized keys file (~/.ssh/authorized_keys2). Repeat this for the CN set.

This command may be helpful:
cat ~/.ssh/id_rsa.pub | ssh CN "cat - >> ~/.ssh/authorized_keys2"

3) On the MN, use the FF /sbin/setup_ssh script to build a new known_hosts file.
a) cp /dev/null ~/.ssh/known_hosts
b) /sbin/setup_ssh -C

4) On the MN, build a new authorized_keys2 file for later propagation.
a) cat ~/.ssh/id_rsa.pub > /var/tmp/new_authorized_keys2
b) cmdall "cat ~/.ssh/id_rsa.pub" | grep -v 'ssh/id_rsa.pub' >> /var/tmp/new_authorized_keys2

5) Now, distribute the new authorized_keys2 and known_hosts files.
a) scpall /var/tmp/new_authorized_keys2 ~/.ssh/authorized_keys2
b) cmdall "chmod 644 ~/.ssh/authorized_keys2"
c) scpall ~/.ssh/known_hosts ~/.ssh/known_hosts
d) cmdall "chmod 644 ~/.ssh/known_hosts"

6) Gain confidence that everything is synchronized correctly by:
a) cmdall "md5sum ~/.ssh/authorized_keys2"
b) cmdall "md5sum ~/.ssh/known_hosts"
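
Added example (not part of the original post): step 4b appends whatever cmdall prints to the candidate file, so an unreachable CN can leave an ssh error line or a missing key in it. The check below can be run on /var/tmp/new_authorized_keys2 before step 5 distributes it. The function names, the sample keys and the sample error line are constructed for illustration, and the expected count assumes one key for the MN plus one per CN.

```sh
#!/bin/sh
# check_keys FILE EXPECTED_UNIQUE_KEYS
# Prints one line per problem and returns non-zero unless FILE holds exactly
# the expected number of distinct, well-formed public keys and nothing else.
# Lines with key options (from=..., command=...) are reported too, since this
# procedure builds the file from plain id_rsa.pub contents only.
check_keys() {
    awk -v want="$2" '
        /^[ \t]*$/ { next }
        $1 !~ "^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" ||
        $2 !~ "^[A-Za-z0-9+/]+=*$" {
            printf "line %d: not a public key: %s\n", NR, $0; bad = 1; next
        }
        seen[$2]++ { printf "line %d: duplicate key (%s)\n", NR, $3; bad = 1; next }
        { uniq++ }
        END {
            if (uniq != want) {
                printf "expected %d unique keys, found %d\n", want, uniq; bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample: MN key, CN keys, one leaked ssh error line (cn02 was
# unreachable, so its key is missing) and one repeated key.
write_sample() {
    cat > "$1" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAAEXAMPLEmn0000 root@mn
ssh-rsa AAAAB3NzaC1yc2EAAAAEXAMPLEcn0001 root@cn01
ssh: connect to host cn02 port 22: No route to host
ssh-rsa AAAAB3NzaC1yc2EAAAAEXAMPLEcn0003 root@cn03
ssh-rsa AAAAB3NzaC1yc2EAAAAEXAMPLEcn0001 root@cn01
EOF
}

# Demo on the constructed sample (3 CNs + MN = 4 keys expected).
f=$(mktemp); write_sample "$f"; check_keys "$f" 4 || true; rm -f "$f"

# On the MN, assuming one host per non-empty line in the hosts file:
#   check_keys /var/tmp/new_authorized_keys2 \
#       $(( $(grep -c . /etc/sysconfig/iba/hosts) + 1 ))
```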

NOTE: (3-Feb-2009) -- I have now found that the IFS /sbin/setup_ssh script seems to only work to generate half (no IB interfaces) of a known_hosts file. I used something like this:

/sbin/setup_ssh -s -S -i'-ib' -f /etc/sysconfig/iba/hosts

I still had to generate the authorized_keys2 file using the technique above.

NOTE: this rough procedure still needs more debugging.