I usually create service-specific unpriviliged accounts with their own SSH keys with no passphrases for this purpose. If there are many services/users that need to log in between the boxes, and you don't mind the boxes trusting each other completely, you can use HostBasedAuthentication, which is sort of like rhosts, but with SSH Public Key authentication. Then any user can SSH between boxes that are in /etc/ssh/shosts.equiv with no password, and no user-specific key/passphrase required. On Wed, Nov 30, 2005 at 01:38:42PM -0800, Mike Leo wrote:
that was all good info...thanks.
We need to ssh via a service so we can't use a username/password scheme, and, well, it should work!!
also, oracle requires this ability to setup their Oracle RAC database, to/from each node in the cluster.