hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Sammer <esam...@cloudera.com>
Subject Re: ssh passwordless login "without" public key authentication
Date Fri, 31 Dec 2010 22:33:52 GMT
What you're referring to is host key auth and there's no way to stop ssh
from using it. It's intrinsic to the way it works. What you can do is
disable strict host key checking such that ssh won't ask and will blindly
trust any host it connects to. This is a BAD IDEA, but can be done by
setting StrictHostKeyChecking to 'no' in the client's ssh config at the
machine level (in /etc/ssh/ssh_config) or the user level (in ~/.ssh/config).

A much better option is to automate the usage of ssh-keyscan (see the man
page) to "learn" new hosts in a controlled environment prior to deployment.

All of this is documented in ssh's various man pages. See ssh_config(5),
ssh(1), and ssh-keyscan(1) for details.

On Fri, Dec 31, 2010 at 5:26 PM, Hiller, Dean (Contractor) <
dean.hiller@broadridge.com> wrote:

> Every time we add a blade, getting passwordless login setup seems to be
> a pain as the master has to be modified to "know" about the node so we
> don't get prompted with do you know this key DF:ER:5R:etc. etc. and
> typically this is done quickly by doing ssh <user>@<newnode> and just
> answering yes  (assuming the .ssh directory is just coming from a
> standard image).
> Word has it there is a way to do automatic login so as we add blades,
> our goal is really just to discover that(some systems are starting to
> have that like cisco UCS) and then automatically add that to the slaves
> file.
> Does anyone know how to do passwordless ssh without publich key
> authentication OR at the very least tell the master to "trust" all nodes
> out there so it never prompts for the do you want to trust the key
> question?
> The authenticity of host 'dhiller ()' can't be established.
> RSA key fingerprint is 94:95:c6:70:9c:ce:48:ca:db:6f:ff:ab:95:47:01:11.
> Are you sure you want to continue connecting (yes/no)?
> Thanks,
> Dean
> This message and any attachments are intended only for the use of the
> addressee and
> may contain information that is privileged and confidential. If the reader
> of the
> message is not the intended recipient or an authorized representative of
> the
> intended recipient, you are hereby notified that any dissemination of this
> communication is strictly prohibited. If you have received this
> communication in
> error, please notify us immediately by e-mail and delete the message and
> any
> attachments from your system.

Eric Sammer
twitter: esammer
data: www.cloudera.com

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message