How BlueBEAR grid workers use ssh
Grid workers run under Torque, which uses the ssh protocol to copy files from the CE to the worker during job stage-in, and to copy the standard output/error files back to the CE at the end of the job.
Usually grid workers use host-based authentication to allow them to copy to and from the CE. That is, the CE trusts each worker and knows its public host key.
BB grid workers are on a private network, behind a NAT router/firewall, so the normal sort of host-based authentication that grid workers use is inappropriate.
Instead, on BB, each grid userid has its own ssh key pair in the usual $HOME/.ssh directory. A backup copy of this ssh key pair can be found on BB at /egee/skel/. This allows the key pair to be restored after accidental erasure by the grid user, without having to regenerate the keys.
All the public keys are kept in a single authorized-keys file on the corresponding CE in the /etc/ssh/extra directory. This directory is private for security reasons.
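A consistency check for the layout described above, added here as an example and not taken from the original page or the site's own tooling: it compares each grid user's public key with the collected authorized-keys file on the CE and checks that the directory holding that file is closed to group and others. The file name authorized_keys, the user names and the key strings are constructed assumptions.

```python
import os
import stat
import tempfile

def key_blobs(path):
    """Map base64 key blob -> comment for each key line in an OpenSSH public-key file."""
    blobs = {}
    with open(path) as fh:
        for line in fh:
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # Options may precede the key type, so look for the type field first.
            for i, field in enumerate(fields[:-1]):
                if field.startswith(("ssh-", "ecdsa-")):
                    blobs[fields[i + 1]] = " ".join(fields[i + 2:])
                    break
    return blobs

def audit(user_pubkeys, auth_file):
    """user_pubkeys: {userid: path to that user's .pub file}; auth_file: collected file on the CE."""
    authorized = key_blobs(auth_file)
    expected = {blob: user for user, path in user_pubkeys.items() for blob in key_blobs(path)}
    mode = stat.S_IMODE(os.stat(os.path.dirname(auth_file)).st_mode)
    return {
        "missing": sorted({u for b, u in expected.items() if b not in authorized}),  # user cannot stage files
        "unknown": sorted(c for b, c in authorized.items() if b not in expected),    # key with no current owner
        "dir_private": mode & 0o077 == 0,                                            # no group/other access
    }

def demo():
    """Audit a constructed layout; 'extra' stands in for /etc/ssh/extra on the CE."""
    with tempfile.TemporaryDirectory() as root:
        extra = os.path.join(root, "extra")
        os.mkdir(extra)
        os.chmod(extra, 0o755)  # deliberately too open, so the check reports it
        users = {}
        for name, blob in (("grid001", "AAAAconstructedKEY1"), ("grid002", "AAAAconstructedKEY2")):
            users[name] = os.path.join(root, name + ".pub")
            with open(users[name], "w") as fh:
                fh.write(f"ssh-rsa {blob} {name}@worker\n")
        auth_file = os.path.join(extra, "authorized_keys")  # hypothetical file name
        with open(auth_file, "w") as fh:
            fh.write("ssh-rsa AAAAconstructedKEY1 grid001@worker\n")
            fh.write("ssh-rsa AAAAconstructedKEY9 olduser@worker\n")
        return audit(users, auth_file)

if __name__ == "__main__":
    print(demo())
```

A key reported under "unknown" still grants ssh access to the CE even though no current grid userid holds it, so it is the entry to investigate first.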
--
LawrenceLowe - 22 Dec 2009
Topic revision: r2 - 19 Jan 2010 - /C=UK/O=eScience/OU=Birmingham/L=ParticlePhysics/CN=lawrence lowe