The N1 Grid Service Provisioning System 5.0 requires the following SSH capabilities:
Remote command invocation through ssh
Public-private key authentication
Support for BatchMode yes interaction, which is the ability to invoke the ssh command without interaction from an operator
If you are using the ssh-agent, the following SSH capabilities are required:
Support for ssh-agent.
Support for ssh-agent forwarding in SSH. Use the -A option in OpenSSH.
The following capabilities are helpful when configuring machines for SSH connectivity, but are not requirements:
Force allocate a tty when doing remote command invocation. Use the -t option in OpenSSH.
Kill the ssh-agent. Use the -k option of the ssh-agent command in OpenSSH.
Generate an RSA key for higher security. Use the -t rsa option of the ssh-keygen command in OpenSSH.
Review the following checklist to determine whether an implementation of SSH meets the requirements of the N1 Grid Service Provisioning System 5.0.
The ssh-keygen command must generate a public-private key pair that can be used for authenticating SSH invocations.
When the private key used for authentication was created without a password or with an empty password, the ssh command must be able to execute the following on the specified host without prompting for any extra information, such as to exchange host keys or obtain a password:
% ssh -o 'BatchMode yes' hostname
After hopping from the current host to host1 to host2 to host3, with the ssh-agent running on the current host and loaded with a private key created with a non-empty password, the ssh command must be able to execute the following on host3 without prompting for any extra information, such as to exchange host keys or obtain a password:
% ssh -o 'BatchMode yes' -A host1 ssh -o 'BatchMode yes' -A host2 ssh -o 'BatchMode yes' host3
The ssh command must be able to correctly pipe its own standard input, output, and error streams to the command being executed on the remote machine.
The ssh-add command must be able to upload private keys with non-empty passwords into the ssh-agent so that the private keys can be used for authentication.
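The checklist above expressed as a script. This is an added example, not part of the N1 Grid Service Provisioning System documentation. It assumes OpenSSH, operator-supplied host names, a trailing remote command of true, and the BatchMode=yes spelling in place of 'BatchMode yes'. The multi-hop check also assumes the key was already loaded into a running ssh-agent with ssh-add.

```sh
#!/bin/sh
# Usage: sh ssh-checklist.sh host1 [host2 host3 ...]   (host names are yours)

# BatchMode=yes is the whitespace-free spelling of 'BatchMode yes'; it needs
# no quoting, so it survives re-parsing by the remote shell on every hop.
BATCH="-o BatchMode=yes"

# Print the nested multi-hop command: agent forwarding (-A) on every hop
# except the last, ending in a harmless remote command (true).
hop_chain() {
    chain=""
    while [ "$#" -gt 1 ]; do
        chain="${chain}ssh $BATCH -A $1 "
        shift
    done
    printf '%s' "${chain}ssh $BATCH $1 true"
}

# Key pair check: generate a passphrase-less RSA key and confirm the public
# key derived from the private half matches the generated .pub file.
check_keypair() {
    dir=$(mktemp -d) || return 1
    ssh-keygen -q -t rsa -N '' -f "$dir/id_test" || return 1
    derived=$(ssh-keygen -y -f "$dir/id_test" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 "$dir/id_test.pub")
    rm -rf "$dir"
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# In BatchMode ssh fails instead of prompting, so exit status 0 means no
# host-key or password interaction was needed.
check_batch() {
    ssh $BATCH "$1" true </dev/null
}

# Stream check: data piped to ssh must come back unchanged from remote cat.
check_streams() {
    [ "$(printf 'probe\n' | ssh $BATCH "$1" cat)" = "probe" ]
}

run_checks() {
    check_keypair      && echo "PASS keypair"    || echo "FAIL keypair"
    check_batch "$1"   && echo "PASS batch $1"   || echo "FAIL batch $1"
    check_streams "$1" && echo "PASS streams $1" || echo "FAIL streams $1"
    [ "$#" -gt 1 ] || return 0
    first=$1; shift   # the first hop runs locally, the rest is its remote command
    ssh $BATCH -A "$first" "$(hop_chain "$@")" </dev/null && echo "PASS hops" || echo "FAIL hops"
}

[ "$#" -eq 0 ] || run_checks "$@"
```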