A stock installation is not useful enough for our purposes. We will follow now a set of steps on each of the machines, with the aim of improving the security of the system.
Enter the server through the console (Ctrl-Alt-F2) by introducing as user
We start by disabling password access on 'deutsch', which will be the root of our system. For that we edit the file /etc/ssh/sshd_config and add a line
There should be no other lines starting with "PasswordAuthentication". The location of this line is pretty much irrelevant, but there is a comment in the file that indicates where it could go.
At this point we have to restart the secure login daemon to make this change valid, which we do from the command line. We do so by restarting the sshd service
From now on, nobody can enter the computer, except using the keyboard+screen or setting up public key authentication. Before implementing the same change on other computers, we have to create such keys in the master. Enter
at the command line and answer all questions by simply pressing
With this we can start to connect this computer to the other ones.
We will continue working on 'deutsch', to implement the changes in the other servers. As an example, I will work through the details of how to harden 'toffoli'. We start by entering toffoli with the root password that we already created and produce new keys
Now we copy the key from 'deutsch', so that we can automatically log-in
At this point we should be able to log-in without password. We use this to update the SSH configuration.
and we restart the server
Fedora Cluster >