PRIMECLUSTER  Cluster Foundation Configuration and Administration Guide 4.3
FUJITSU Software

1.1.3 CF security

PRIMECLUSTER includes the following facilities for cluster communications if you do not want to use .rhosts: cfcp/cfsh and sshconf, described in the subsections below.

These tools are provided to allow cluster configuration in an environment which does not permit rsh and rcp. They are specialized utilities that do not provide all the functionality of rsh and rcp and are not intended as replacements.

1.1.3.1 cfcp/cfsh

CF includes the ability to allow cluster nodes to execute commands on another node (cfsh) and to allow cluster nodes to copy files from one node to another (cfcp). However, this means that your cluster interconnects must be secure since any node that can join the cluster has access to these facilities. Because of this, these facilities are disabled by default.

PRIMECLUSTER 4.1 and higher lets you configure these facilities. In one of the final steps of the CF Configuration Wizard in the Cluster Admin GUI, there are two checkboxes: checking one enables remote file copying and checking the other enables remote command execution.

To enable remote access using cfcp/cfsh, set the following parameters in cluster.config:

CFCP "cfcp"
CFSH "cfsh"

To deactivate, remove the settings from the /etc/default/cluster.config file and run cfset -r.

Refer to the Section "1.1.2 cfset" in this chapter for more information.
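As an added example that is not part of this manual, the following shell check lets a node administrator audit whether the cfcp/cfsh facilities are currently enabled in a cluster.config file; the function name, the optional path argument and the sample configurations it builds for the demonstration are assumptions:

```shell
# Added audit helper (not PRIMECLUSTER code): report whether the cfcp/cfsh
# remote-access facilities are enabled in a cluster.config file.
# Returns 0 if both are disabled, 1 if either one is enabled.
cf_remote_access_status() {
    # $1: path to cluster.config; defaults to the location the manual names
    cfg="${1:-/etc/default/cluster.config}"
    enabled=0
    for key in CFCP CFSH; do
        # An active setting is an uncommented line such as:  CFCP "cfcp"
        # (the manual deactivates a facility by removing the line entirely)
        if grep -Eq "^[[:space:]]*${key}[[:space:]]+\"[^\"]+\"" "$cfg" 2>/dev/null; then
            echo "$key: ENABLED (every node that can join the cluster may use it)"
            enabled=1
        else
            echo "$key: disabled"
        fi
    done
    return "$enabled"
}

# Constructed sample configurations, used only for this demonstration
tmp_enabled=$(mktemp)
printf 'CFCP "cfcp"\nCFSH "cfsh"\n' > "$tmp_enabled"
tmp_disabled=$(mktemp)
printf '# CFCP "cfcp"\n# CFSH "cfsh"\n' > "$tmp_disabled"
trap 'rm -f "$tmp_enabled" "$tmp_disabled"' EXIT

cf_remote_access_status "$tmp_enabled"  || echo "-> remote access is ON"
cf_remote_access_status "$tmp_disabled" && echo "-> remote access is OFF"
```

Run it without an argument on a cluster node to inspect the live /etc/default/cluster.config; remember that after removing the settings the change only takes effect once cfset -r has been run.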

1.1.3.2 sshconf

You can use the sshconf tool to set up non-interactive ssh access among a list of nodes. Running sshconf is similar to setting up the .rhosts file for rsh.

sshconf uses the RSA authentication method and protocol version 2. It uses the default authentication key $HOME/.ssh/id_rsa if it exists, or creates that key if it does not already exist.

Example

Examples of the sshconf tool are as follows:

  • Enable one-way access between nodes:

    fuji2# sshconf fuji3 fuji4 fuji5

    Running this command on fuji2 sets up one-way ssh access from fuji2 to fuji3, fuji4, and fuji5 respectively.

  • Disable one-way access to a node:

    fuji2# sshconf -d fuji3 fuji4 fuji5

    Running this command on fuji2 disables ssh access from fuji2 to fuji3, fuji4, and fuji5. This means that fuji2 does not have ssh access to fuji3, fuji4, and fuji5; however, fuji3, fuji4, and fuji5 still have the same ssh access as before running the command.

  • Enable two-way access without password:

    fuji2# sshconf -c fuji3 fuji4 fuji5

    Running this command on fuji2 sets up ssh access among fuji3, fuji4, and fuji5 without being asked for a password. Note that fuji2 (where the command is run) is not automatically included. fuji2 only has one-way ssh access to fuji3, fuji4, and fuji5.

Note

ssh is not supported by Wizard Tools.