Passwordless ssh between hosts
Previously, we have not provided users with an easy way to do passwordless
ssh (particularly from startup scripts) between nodes in their experiments.
This is becoming problematic, as many popular software stacks (eg. hadoop, openstack, chef) want to do this. Users are rolling their own ways of doing it, doing so badly, and getting broken into as a result.
We have considered three possibilities so far:
- Set this up for the
rootuser only: straightfoward to do, but encourages users to use
rootaccount and they may not find it easily
- Set up for each individual user account: Tricky to do due to having many user accounts, and very problematic with NFS home directories
- Use an
shoststype mechanism to capture all accounts: appealing, but might force us to bite the bullet of per-host ssh keys in order to do it securely