
How to use a single key value pair to ssh in a cluster

I have to configure a Hadoop cluster. For that, all systems must be able to ssh to each other in passwordless mode. For security, I have allowed only key-based ssh (no password). There are 5 systems in the cluster. I have to generate a single key value pair. How do I configure all the other systems to use only this key pair, so that they can ssh to each other in passwordless mode?

I'm assuming you mean Linux machines.

There must be a ~/.ssh directory chmod 700 on each machine under the account that will originate or receive the connections.

The (private) key must be generated without a password.

Don't forget that, by default, recent versions of ssh do not accept weak (<2048 bit) keys.

The following must be done to originate a connection.

  1. Your private key must be placed in ~/.ssh/id_rsa or ~/.ssh/id_dsa as appropriate. You may use another name, but then it must be included on a -i option on the machine originating the request to explicitly indicate the private key.
  2. Your private key must be chmod 600.

Now for allowing a machine to receive a request:

  1. Your public key must be placed in a file called ~/.ssh/authorized_keys under the account that will receive the connections. You may place other keys that are allowed to connect via this account in here as well. A particularly tricky thing if you are in vi and pasting the key into the file from the paste buffer in PuTTY is that the key starts with a "ssh-". If you are not in insert mode, the first "s" will put vi in insert mode and the rest of the key will look just fine. But you'll be missing an "s" at the beginning of the key. It took days for me to find that.
  2. I like to chmod 600 ~/.ssh/authorized_keys, but it's usually not required.
  3. Now, you must have the host fingerprint added to the cache. Go to machine A, and ssh to machine B. The first time, you will get a query like "Do you want to add . . . to the host key cache?". This will stop your automated process very effectively. You have a few choices, which are up to your situation:
     a. Manually ssh 20 times from each of 5 machines to the other 4 and say "yes".
     b. You could get the file called "known_hosts" (this is what ssh calls the "cache") and combine entries so that the same host_keys can be copied to all machines.
     c. You can put host fingerprints in /etc/ssh/ssh_known_hosts.
     d. Put the fingerprints in DNS (see man ssh).
     e. Just turn it off (NOT RECOMMENDED) by setting StrictHostKeyChecking in your ssh configuration.
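
One way to verify the checklist in the answer above on each node before starting Hadoop, as an added example that is not part of the original answer: it checks the 700/600 modes and flags `authorized_keys` lines with no valid key-type field, which is what the missing-"s" paste error produces. `audit_ssh_dir`, `check_mode` and the finding labels are hypothetical names, and GNU `stat` (Linux) is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Assumes Linux with GNU stat.
# audit_ssh_dir is a hypothetical helper: it prints findings and returns 1 if any.

# Key-type names a public key line may carry (RSA, DSA, Ed25519, ECDSA).
KEY_TYPES='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$'

check_mode() {  # usage: check_mode PATH EXPECTED_OCTAL
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ "$mode" = "$2" ] && return 0
    echo "BAD_MODE $1 is $mode, expected $2"
    return 1
}

audit_ssh_dir() {  # usage: audit_ssh_dir /home/user/.ssh
    local dir="$1" rc=0 f
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    check_mode "$dir" 700 || rc=1

    # Private keys are recognised by their header line, so files that are
    # passed with -i under a non-default name are checked as well.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            check_mode "$f" 600 || rc=1
        fi
    done

    # Each key line needs a key-type field somewhere (options may precede it).
    # A line beginning "sh-rsa" is the vi paste error: the first "s" was eaten.
    if [ -f "$dir/authorized_keys" ]; then
        awk -v types="$KEY_TYPES" '
            /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
            {
                ok = 0
                for (i = 1; i <= NF; i++) if ($i ~ types) ok = 1
                if (!ok) {
                    printf "BAD_KEY_LINE %s:%d begins \"%s\"\n", FILENAME, NR, $1
                    bad = 1
                }
            }
            END { exit bad }' "$dir/authorized_keys" || rc=1
    fi
    return $rc
}
```

Run it as `audit_ssh_dir ~/.ssh` under the account that originates or receives the connections; no output and exit status 0 mean the directory passes these checks.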
