Enabling secure shell

Start your cluster by enabling the egosh command to use secure shell (SSH), instead of remote shell (RSH). Note if you are using Red Hat Enterprise Linux® (RHEL), starting with RHEL 8, use SSH; RHEL versions 8 or later no longer supports RSH.

About this task

Note: Additionally, the egoupgrade cluster command depends on the egosh ego start -f hostname command to remotely start EGO on your hosts. Ensure that RSH or SSH is configured properly on these hosts (see egosh ego start for configuration details).

Procedure

  1. Configure SSH at the operating-system level.

    Before configuring SSH, ensure that you run $EGO_SERVERDIR/egosetsudoers.sh as root.

    1. As cluster administrator, run ssh-keygen to generate the private/public key pairs:
      ssh-keygen -t rsa
Generating public/private rsa key pair
Enter file in which to save the key (/home/user_name/.ssh/id_rsa):

      Press Enter.

      Enter passphrase (empty for no passphrase):

      Press Enter.

      Enter same passphrase again:

      Press Enter.

      Your identification has been saved in /home/user_name/.ssh/id_rsa.
Your public key has been saved in /home/user_name/.ssh/id_rsa.pub.
The key fingerprint is:
31:3b:c2:fd:c1:b8:88:af:ca:91:30:cf:9c:fa:b8:d3
    2. Go to $HOME/.ssh and copy id_rsa.pub as $HOME/.ssh/authorized_keys.
      cp -p id_rsa.pub authorized_keys

      This step assumes $HOME is a shared directory; if not, you must copy the .ssh directory to each host in the cluster.

  2. Optional: In a Linux environment, enable SSH to grant root privileges to a cluster administrator. For details, see Granting root privileges to a cluster administrator.
  3. Enable SSH on the host from which you want to run egosh commands. On that host, define or edit the EGO_RSH parameter in $EGO_CONFDIR/ego.conf: 
    EGO_RSH=ssh | ssh $params

    For example:

    EGO_RSH=ssh -o 'PasswordAuthentication no' -o 'StrictHostKeyChecking no'
    Notes:
    1. SSH must be configured correctly on all hosts. If the egosh command fails because of improper SSH configuration, the command will automatically be retried using RSH.
    2. The user account of the user who starts the cluster must be able to run the ssh commands across all hosts.

    If you want to revert to RSH usage, remove the new line in ego.conf or update it, as follows: 

    EGO_RSH=rsh