How BlueBEAR grid workers use ssh

Grid workers run under Torque, which uses the ssh protocol to copy files from the CE to the worker during the job stage-in process, and to copy standard output/error files back to the CE at the end of the job.

Usually grid workers use host-based authentication to allow them to copy from/to the CE. That is, the CE trusts each worker and knows its public host key.

BB grid workers are on a private network, behind a NAT router/firewall, so the normal sort of host-based authentication that grid workers use is inappropriate.

Instead, on BB, each grid userid has its own ssh key pair in the usual $HOME/.ssh directory. A backup copy of this ssh key pair can be found on BB at /egee/skel/. This allows the keys to be restored after accidental erasure by the grid user, without having to regenerate them.

All the public keys are kept in a single authorized-keys file on the corresponding CE in the /etc/ssh/extra directory. This directory is private for security reasons.
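
One way to audit the arrangement described above, as an added example that is not part of the original page: it reports which per-user public keys are absent from the CE's combined authorized-keys file and checks that the directory holding it has no group or other permission bits. The function names, the input layout (a directory of per-user .pub files) and this reading of "private" are assumptions.

```shell
#!/bin/sh
# Added example: audit the layout described above. Paths are arguments because
# the page does not name the authorized-keys file inside /etc/ssh/extra.

# key_listed TYPE BLOB AUTH_FILE: succeed if a non-comment line of AUTH_FILE
# carries TYPE immediately followed by BLOB (options and comments are ignored).
key_listed() {
    awk -v t="$1" -v b="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) { found = 1; exit } }
        END { exit !found }' "$3"
}

# missing_keys PUBKEY_DIR AUTH_FILE: print each *.pub file in PUBKEY_DIR whose
# key is not listed in AUTH_FILE.
missing_keys() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        read -r ktype blob rest < "$pub" || :
        [ -n "$blob" ] || continue
        key_listed "$ktype" "$blob" "$2" || basename "$pub"
    done
}

# is_private DIR: succeed only if DIR is a directory with no group/other
# permission bits (assumed meaning of "private").
is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (key blobs are placeholders, not real keys).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/keys" "$tmp/extra" && chmod 700 "$tmp/extra"
    echo 'ssh-rsa AAAAB3PLACEHOLDERalice alice@bb' > "$tmp/keys/alice.pub"
    echo 'ssh-rsa AAAAB3PLACEHOLDERbob bob@bb' > "$tmp/keys/bob.pub"
    echo 'ssh-rsa AAAAB3PLACEHOLDERalice alice@bb' > "$tmp/extra/authorized_keys"
    is_private "$tmp/extra" && echo "extra: private"
    missing_keys "$tmp/keys" "$tmp/extra/authorized_keys"
    rm -rf "$tmp"
}
demo
```

Matching on the key type and blob as whole fields, rather than on the full line, means a key is still recognised when its entry carries options or a different comment.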

-- LawrenceLowe - 22 Dec 2009

Topic revision: r2 - 19 Jan 2010 - 12:50:52 - LawrenceLowe
 