-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Leo,
If you try running your ssh command by first logging in interactively
as the apache user and then running the command you will most likely
discover that ssh is prompting you to verify the host key. This is
because it's the first time you're connecting to the StarCluster head
node from your apache server:
$ su - apache -s /bin/sh
$ ssh -i /home/ec2-user/.ssh/key_file.rsa ubuntu_at_xxxxx.amazonaws.com
The authenticity of host '192.168.0.100 (192.168.0.100)' can't be
established.
RSA key fingerprint is 3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59.
Are you sure you want to continue connecting (yes/no)?
If you wish to accept the host key and connect in a one-liner you'll
need to pass "-o StrictHostKeyChecking=no" to your ssh command to
avoid being prompted:
$ ssh -i /home/ec2-user/.ssh/key_file.rsa -o StrictHostKeyChecking=no \
ubuntu_at_xxxxx.amazonaws.com
You should really only do this the *first* time you connect otherwise
you're subject to man in the middle, etc.
HTH,
~Justin
On 10/27/2011 12:55 AM, liang cheng wrote:
> Hi,
>
> I'm experimenting how to allow apache user to run a script sitting
> on the star cluster from a front end EC2 instance.
>
> At the front end server, when I tried to login as apache user to
> run the script, I got this:
>
> sudo su -s /bin/sh apache -c "ssh -i
> /home/ec2-user/.ssh/key_file.rsa
> ubuntu_at_xx-xx-xx-xxx.compute-1.amazonaws.com" Warning: Identity file
> /home/ec2-user/.ssh/key_file.rsa not accessible: Permission
> denied. Could not create directory '/var/www/.ssh'. Host key
> verification failed.
>
> Then I tried to move the rsa file to a directory that apache user
> has the permission to read. But when running the line below. I
> still get error message:
>
> sudo su -s /bin/sh apache -c "ssh -i
> /home/ec2-user/.ssh/key_file.rsa
> ubuntu_at_xx-xx-xx-xxx.compute-1.amazonaws.com"
>
> Host key verification failed.
>
> Can someone help me ? Does star cluster natively support this kind
> of application ? Ideally the apache user should be able to run
> scrip on star cluster and get the output of the script, all from
> the front end apache server machine.
>
> Thanks, -Leo _______________________________________________
> StarCluster mailing list StarCluster_at_mit.edu
> http://mailman.mit.edu/mailman/listinfo/starcluster
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk6usJAACgkQ4llAkMfDcrmfxwCcC1VDkqVjmtGxAF22SAylWIY5
Q9IAoIeuQl5EFbyWYbCSEZjMhp7xabkt
=lk3/
-----END PGP SIGNATURE-----
Received on Mon Oct 31 2011 - 10:28:35 EDT