ssh-keygen problem
 

I have a cluster system using NIS and I can't seem to get the ssh keys to work with users anymore. Up until last week I could get this to work, but now I can't. Older users that I added keys for still continue to work fine, just not any new users. This is what I've been doing. Maybe someone can tell me if they see something I'm doing wrong...

###########################################
1. useradd mike
2. passwd mike
3. su mike
4. cd ~
5. ssh-keygen -b 1024 -t rsa (hit enter through all optons)
6. cd .ssh
7. cp id_rsa.pub authorized_keys
8. cp /root/knownhosts . (this is a list of known hosts)
9. cd /var/yp
10. make
###########################################

After this, the users used to be able to type "ssh node1" or any node and it would allow them to login with no password. Now when any new user does that it asks for a password. Above is what I've done for everyone else before and it always worked. Can someone see what might be wrong? Thanks!

Anything useful popping up when you run verbose mode (ssh -v node1)?

Good Point Avarus. I'll try that on Monday when I get back to work. Thanks for the tip... :)

Okay, I've run the -v option using SSH and tried comparing an account that works against one that does not and this is what I've come up with. Below, I'm starting with where the lines become different between both users.

# debug1: Authentication that can continue: publickey, password, keyboard-interactive
# debug1: next auth method is publickey
# debug1: try privkey: /home/user2/.ssh/identify
# debug1: try publickey: /home/user2/.ssh/id_rsa
# debug1: Authentication that can continue: publickey, password, keyboard-interactive
# debug1: try privkey: /home/user2/.ssh/id_dsa
# debug1: next auth method is to try keyboard-interactive
# debug1: Authentication that can continue: publickey, password, keyboard-interactive
# debug1: next auth method is to try password

I see the problem is slapping me in the face, but I can't figure out why... All the files that I have in the .ssh directory are known_hosts, id_rsa, id_rsa.pub and authorized_keys.

Any direction to look would be great. :)

Hum.. I think I'm narrowing it down to an NIS problem. When I do a 'ypcat passwd' on any node I don't see the names of the new accounts I created...

I also looked into the /etc/sysconfig/network and saw that the NISDOMAIN was different on my master node then it was on my slave nodes.

I've changed them all to be on the correct NIS domains now, but is there a way that I can restart the NISDOMAIN without having to reboot every node?

I figured it all out. The only reason I'm post is just in case anyone else has the problem.

It turns out that my nodes weren't on the correct NIS domain. After typing "domainserver mydomainname" and restarting the ypbind it started working again.