Monday, February 12, 2018

Cluster 9. SSH setup.

In this part of the cluster setup we will set up SSH so that each node can access the other without a password prompt. For that purpose we'll use public-key authentication, with an RSA key pair generated on each node.

Create RSA keys

On both nodes:
ssh-keygen -t rsa -N "" -b 4095 -f ~/.ssh/id_rsa
-t specifies the type of key to be created (rsa / dsa / rsa1 etc.)
-N specifies the passphrase; "" means an empty passphrase
-b specifies the number of bits in the key to create (for RSA the minimum is 1024)
-f specifies the filename of the key file

Populate known hosts

ssh-keyscan agrp-c01n01 >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n01.bcn >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n01.sn >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n01.ifn >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n02 >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n02.bcn >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n02.sn >> ~/.ssh/known_hosts
ssh-keyscan agrp-c01n02.ifn >> ~/.ssh/known_hosts

Copy Public Keys to Enable SSH Without a Password

In order to enable password-less login, we need to create a file called ~/.ssh/authorized_keys and put both nodes' public keys in it. We will create authorized_keys on agrp-c01n01 and then copy it over to agrp-c01n02.

Copy node 1's own RSA public key to the authorized_keys file:
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Append node 2's RSA public key to the authorized_keys file over SSH:
ssh root@agrp-c01n02 "cat /root/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keys

Verify file content:
~/.ssh/authorized_keys must contain two entries, one for root@agrp-c01n01 and the other for root@agrp-c01n02.

Copy authorized_keys from node 1 to node 2:
rsync -av ~/.ssh/authorized_keys root@agrp-c01n02:/root/.ssh/

Verify password-less access. If you can access each node from the other without a password prompt, then everything is OK:
From node 1:
ssh root@agrp-c01n02
From node 2:
ssh root@agrp-c01n01
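
The "Verify file content" step above can be scripted. This is an added example, not part of the original post: it checks that authorized_keys holds exactly one entry per expected node comment and is not writable by group or others. The function names and the placeholder key blobs are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that authorized_keys
# holds exactly the expected node keys and is not writable by group/others.

# Print the comment field of every key entry in file $1, one per line.
# Skips blank and '#' lines; tolerates a leading options field.
list_key_comments() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            # Locate the key type; fields before it belong to the options.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/)
                    break
            if (i > NF) { print "<unparsable line " NR ">"; next }
            c = ""
            for (j = i + 2; j <= NF; j++) c = (c == "" ? $j : c " " $j)
            print (c == "" ? "<no comment, line " NR ">" : c)
        }' "$1"
}

# check_authorized_keys FILE COMMENT...  -> 0 if FILE matches, 1 otherwise.
check_authorized_keys() {
    file=$1; shift
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # sshd with StrictModes ignores a key file others can write to.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$file is writable by group or others" >&2; return 1
    fi
    expected=$(printf '%s\n' "$@" | sort)
    actual=$(list_key_comments "$file" | sort)
    if [ "$expected" != "$actual" ]; then
        echo "unexpected entries in $file:" >&2
        echo "$actual" >&2
        return 1
    fi
}

# Demo on a constructed file; the key blobs are placeholders, not real keys.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ssh-rsa AAAAPLACEHOLDERNODE1 root@agrp-c01n01
ssh-rsa AAAAPLACEHOLDERNODE2 root@agrp-c01n02
EOF
check_authorized_keys "$demo" root@agrp-c01n01 root@agrp-c01n02 &&
    echo "authorized_keys OK"
rm -f "$demo"
```

The comment at the end of a key line is only a label, so this catches missing or extra entries but does not prove which key is behind each one. To confirm the keys themselves, compare the fingerprints from ssh-keygen -lf ~/.ssh/authorized_keys with ssh-keygen -lf ~/.ssh/id_rsa.pub run on each node.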

This tutorial was used to understand and set up clustering: AN!Cluster