7.00.02 - Setting Up Passwordless Authentication for Beehive User - Aster Execution Engine

Aster Instance Installation Guide for Aster-on-Hadoop Only

Aster Execution Engine
July 2017
Ensure that SSH keys for the beehive user are set up on all nodes.
  1. Log in to the queen as the “root” user.
  2. Issue this command to switch to the beehive user: # su - beehive
  3. Change to the beehive directory: $ cd /home/beehive
  4. Generate a new key by running the following command: $ ssh-keygen -t dsa
  5. You will be prompted to enter the directory where the key should be saved. Press Enter to accept the default directory:
    Enter file in which to save the key (/home/beehive/.ssh/id_dsa):
    Press [Enter] key
  6. Press Enter when prompted for a passphrase. If you create a passphrase the installation will fail:
    Enter passphrase (empty for no passphrase): Press [Enter] key
    Enter same passphrase again: Press [Enter] key
    Your identification has been saved in /home/beehive/.ssh/id_dsa.
    Your public key has been saved in /home/beehive/.ssh/id_dsa.pub.
    The key fingerprint is:
    04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 beehive@auser-queen
  7. Change to the directory where your key file was created: $ cd .ssh
  8. Append your DSA key file to authorized_keys to make it an SSH authorized key: $ cat id_dsa.pub >> authorized_keys
  9. Change the permissions on the authorized key file by entering one of these commands:
    • $ chmod 600 authorized_keys
    • $ chmod og-rwx authorized_keys
  10. Confirm that the authorized key file works:
    1. Issue an SSH command to localhost: $ ssh localhost date
    2. If you are asked to confirm, type yes.
    3. Press Enter.
    The command should then succeed without prompting for a password.
  11. Exit the SSH session: $ exit
  12. Make sure the worker nodes are powered on and booted into their OS.
  13. On the queen, change the working directory to beehive’s home directory: $ cd
  14. Copy the key file to each of the Aster instance nodes:
    1. Run these commands, specifying the IP address of the node to which you are copying the key: $ scp -pr /home/beehive/.ssh/ root@node-IP:/home/beehive/ $ ssh root@node-IP "chown -R beehive:beehive /home/beehive/.ssh"
    2. If you are asked to confirm, type yes.
    3. Press Enter.
    4. If you are prompted for a password, enter the password.
  15. Verify that you can SSH from the queen to each worker node (and back) without a password, and that you can SSH from a node to itself without a password. (Also, clear any questions of the form "The authenticity of host XYZ can't be established. … Are you sure you want to continue connecting…?")
    1. Change to the user beehive: # su - beehive
    2. If you do not already have each queen and worker node's IP address, FQDN (Fully-Qualified Domain Name) such as "worker1.engineering.teradata.com", and short domain name such as "worker1", get this information now. To get a node's FQDN, execute hostname -f on the node. The short domain name is typically the first part of the FQDN (up to the first "." character).
    3. If you are not already on the queen, SSH to the queen: ssh <queen-IP>
    4. Verify passwordless SSH between the queen and worker for each worker node's IP address, FQDN, and short domain name. Also, make sure that the worker can SSH to itself. Execute these commands for each worker: $ ssh worker-node-IP $ ssh localhost $ ssh queen-IP $ exit $ exit $ exit $ ssh worker-FQDN $ ssh queen-FQDN $ exit $ exit $ ssh worker-short-name $ ssh queen-short-name $ exit $ exit
    5. Check that the queen node can SSH to itself. Execute these commands on the queen node: $ ssh localhost $ exit
    6. Exit from user beehive: $ exit