Launching interactive apps and cluster login node in ~/.ssh/known_hosts

All,

We have been giving users access to our Open OnDemand server which is running on a VM separate from the cluster. Under the hood they use our shared cluster /home directory mounted over NFS.

The issue that we are running in to is that users cannot launch interactive apps until they log in to the cluster through the Clusters - Shell Access dropdown first via OnDemand. They have logged in to our cluster via SSH before and therefore have a /home directory, however, when they go to our OnDemand site they need to hit ‘yes’ on the [SSH: The authenticity of host loginnode.oursite.edu can’t be established] prompt that very first time to add the login node for our cluster to their ~/.ssh/known_hosts file. Otherwise, on launching the apps they’re getting a “Host Key Verification Failed” error message if they do not.

This has been causing some confusion and we’ve been getting a few questions. How are other sites handling this? I was thinking it maybe possible somehow to add the cluster login node to the ~/.ssh/known_hosts file on login, otherwise I don’t really know how else to bridge that issue. Any ideas are greatly appreciated.

You can add keys system wide at /etc/ssh/ssh_known_hosts. That way folks don’t need to add it to ~/.ssh they’re able to read the system wide configuration. (At OSC we manage this file through puppet, so I have to give a shout out to automation wherever I can)

Ah. Thank you! We didn’t realize we could set it there system wide. That worked great. Much appreciated.