chris66
Posts: 1
Joined: Sat Mar 17, 2018 12:25 pm

SSH with RSA keys for MPI cluster

Thu Nov 14, 2019 10:00 pm

Hi folks, hopefully this is posting in the right forum.
I have several RPi's (11 = Zero - 4B models) that I can use a menu based set of setup scripts on (run as root for installs etc. using latest Raspian-Lite image) and most of it works. I can configure hardware per device (camera, GPIO hats etc.) and local installs of OpenMPI with minimal user input, but I'm struggling with setting up RSA shared keys. I can do it with lots of CLI per device during setup, but I'm trying to develop it for educational use, so some scripted commands would be very useful.
Cheers,
Chris^^

epoch1970
Posts: 4140
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: SSH with RSA keys for MPI cluster

Fri Nov 15, 2019 2:01 pm

What you expect of said keys is a little unclear but I assume you need something different from the usual per user id_rsa, id_rsa.pub.
Perhaps using an intermediate CA would help. This is one of the many write-ups you can find floating around.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

swampdog
Posts: 295
Joined: Fri Dec 04, 2015 11:22 am

Re: SSH with RSA keys for MPI cluster

Fri Nov 15, 2019 9:20 pm

You probably need to elaborate. Note though, it is possible to use the same set of keys all over the place. Typically this is one of those "d'Oh!" moments when someone clones and ships a preconfigured machine and *hasn't* cleared the keys but can be used to good effect if thought out.

tommylovell
Posts: 9
Joined: Mon Dec 31, 2012 6:33 pm

Re: SSH with RSA keys for MPI cluster

Wed Dec 11, 2019 4:04 pm

This post is a little over a month old, but I'll toss my 2cents in.

I don't think that there is a way around having to supply credentials at east once.

I have a private Evernote article I reference when I have a new machine that has this command for each system that I maintain:

Code: Select all

ssh-copy-id -i .ssh/id_rsa.pub pi@raspberrypi40
(I did a 'ssh-keygen -t rsa' years ago, so the key exists.)

In addition to adding the system to my router to make sure that DHCP assigns the same IP everytime, I have an /etc/hosts pre-populated with a large number of Pi's (that don't exist yet...).

With the 'ssh-copy-id' command issued from the "master" system to the target Pi, you then have to supply that Pi account's password at least once. Sorry.

If you have many accounts on many systems, you might be able to automate this with 'expect', or possibly with Ansible. I'm too lazy to find out.

I use Ansible to update all of the target Pies once I put the shared key in place manually. There is a small learning curve to using Ansible, but it is well worth it in the end (vs writing shell scripts to maintain my systems).

swampdog
Posts: 295
Joined: Fri Dec 04, 2015 11:22 am

Re: SSH with RSA keys for MPI cluster

Wed Dec 11, 2019 5:23 pm

tommylovell wrote:
Wed Dec 11, 2019 4:04 pm
This post is a little over a month old, but I'll toss my 2cents in.

I don't think that there is a way around having to supply credentials at east once.
Not on a live system (although sshpass might work if you pass some options to scp so it doesn't ask questions). If you're writing the image to go on the sdcard it can be done. You mount the sdcard after writing it and write the keys directly, updating "authorized_keys" and "known_hosts" accordingly. I didn't mention it to the OP because it would not be reliable unless host names and ip addresses remain unchanged.

Return to “Advanced users”