Allowing an encrypted private key


#1

Hello,
I’m installing scidb on a shared system where I don’t have root access, or the ability to create a “scidb” user. When running scidb.py initall, it looks like the executable expects there to be an unencrypted private key in .ssh/id_rsa. Because this is a shared file system, I don’t feel comfortable unencrypting my private key (I use it for many other things!)

Is it possible to run scidb using an encrypted private key for ssh authentication?

Thanks for any help,
Jake


#2

I should add one detail: I’m trying to run scidb on a single node with 32 cores, so the only ssh connection required is to localhost.


#3

Hi Jake,

Looks like not by default. Keep in mind you need to make two pieces of machinery happy:

  1. scidb.py
  2. mpi (only if you want to run dense_linear_algebra ops)

Looks like (1) could possibly be made to work with the “ssh-agent” tool.
As for (2) there may be some online help: open-mpi.org/faq/?category=rsh

Let me know if this helps any.


#4

We have confirmed that you can use a keyring for SSH communication when running a SciDB cluster. This post describes how to do so.

[ol]
[li]Create a keyring, supplying a pass phrase:

By default, this creates a key file with a public/private key pair in ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa. If a non-default filename is used for the key pair, it must be listed in the SciDB configuration file for use by scidb.py.
[/li]
[li]Copy the key to all instances—the coordinator and to each worker—to authorize ssh clients connecting to SciDB:

[code]ssh-copy-id -i ~/.ssh/id_rsa.pub scidb@localhost
ssh-copy-id -i ~/.ssh/id_rsa.pub scidb@0.0.0.0
ssh-copy-id -i ~/.ssh/id_rsa.pub scidb@127.0.0.1
ssh-copy-id -i ~/.ssh/id_rsa.pub scidb@<worker_url>[/code]
[/li]
[li] You will always need to run ssh-agent in order for SciDB to work. To start ssh-agent whenever the scidb user logs on, add the following code to the .bashrc file for the SciDB user:

[code]SSH_ENV="$HOME/.ssh/environment"

# Start a new agent, save its environment for later shells, and load the key.
function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add
}

# Source SSH settings, if applicable

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    # ps ${SSH_AGENT_PID} doesn't work under Cygwin
    ps -ef | grep ${SSH_AGENT_PID} | grep 'ssh-agent$' > /dev/null || {
        start_agent
    }
else
    start_agent
fi[/code][/li]
[li] To confirm SSH is working correctly, log in to the localhost (and 0.0.0.0 and 127.0.0.1) and each remote host.

[code]ssh scidb@localhost
ssh scidb@0.0.0.0
ssh scidb@127.0.0.1
ssh scidb@<worker_url>[/code][/li][/ol]
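
A preflight check for the setup this thread describes, as an added example that is not part of the original posts or of SciDB: it confirms that the key file on disk is passphrase-protected, that the current shell can reach an ssh-agent holding a key, and that each host accepts a non-interactive login. The function names, and the key path and host in the usage comment, are assumptions.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of SciDB or scidb.py.

# Return 0 if the private key file is passphrase-protected, 1 if it is stored
# unencrypted, 2 if the file is unreadable or the format is not recognised.
key_is_encrypted() {
    keyfile=$1
    [ -r "$keyfile" ] || return 2
    magic=6f70656e7373682d6b65792d763100    # hex of "openssh-key-v1\0"
    case $(head -n 1 "$keyfile" | tr -d '\r') in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # After the magic comes a length-prefixed cipher name, which is
        # "none" (length 4) when the key is stored without a passphrase.
        hex=$(grep -v '^-----' "$keyfile" | tr -d '\r\n' | base64 -d 2>/dev/null |
              od -An -tx1 -N23 | tr -d ' \t\n')
        case $hex in
        "${magic}000000046e6f6e65") return 1 ;;
        "$magic"????????*) return 0 ;;
        *) return 2 ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") return 0 ;;    # PKCS#8, encrypted
    "-----BEGIN PRIVATE KEY-----") return 1 ;;              # PKCS#8, plain
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then return 0; fi
        return 1 ;;
    *) return 2 ;;
    esac
}

# Return 0 only if this shell can reach an agent that holds at least one key.
# ssh-add -l exits 1 when the agent is empty, 2 when it cannot be contacted.
agent_ready() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 2
    ssh-add -l >/dev/null 2>&1
}

# Usage: preflight KEYFILE HOST...   e.g. preflight ~/.ssh/id_rsa localhost
preflight() {
    key=$1; shift
    key_is_encrypted "$key" || { echo "key not confirmed passphrase-protected: $key" >&2; return 1; }
    agent_ready || { echo "no usable ssh-agent in this shell" >&2; return 1; }
    for host in "$@"; do
        # BatchMode forbids prompts, so a key missing from the agent fails
        # here instead of asking for the pass phrase.
        ssh -o BatchMode=yes "$host" true || { echo "ssh failed: $host" >&2; return 1; }
    done
}
```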