Answer: 1. Yes. The method to do this has changed over the different versions of Open MPI. 1. v1.3 series: The plm_rsh_agent MCA parameter accepts a colon-delimited list of programs to search for in your path to use as the remote startup agent. The default value is "ssh : rsh", meaning that it will look for ssh first, and if it doesn't find it, use rsh. You can change the value of this parameter as relevant to your environment, such as simply changing it to rsh or rsh : ssh if you have a mixture. 2. v1.1 and v1.2 series: The v1.1 and v1.2 method is exactly the same as the v1.3 method, but the MCA parameter name is slightly different: pls_rsh_agent ("pls" vs. "plm"). Using the old "pls" name will continue to work in the v1.3 series, but it is now officially deprecated -- you'll receive a warning if you use it. 3. v1.0 series: In the 1.0.x series, Open MPI defaults to using ssh for remote startup of processes in unscheduled environments. You can change this to rsh by setting the MCA parameter pls_rsh_agent to rsh. See this FAQ entry for details on how to set MCA parameters -- particularly with multi-word values.

Answer: 2. If you are using rsh to launch processes on remote nodes, There are multiple ways. Note that there are two mainstream versions of ssh. One is the freeware package OpenSSH; the other is SSH, a commercial package from SSH Communications Security Corp. This documentation provides an overview for using user keys and the OpenSSH 2.x key management agent (if your OpenSSH only supports 1.x key management, you should upgrade). See the OpenSSH documentation for more details and a more thorough description. The process is essentially the same for the commercial SSH, but the command names and filenames are slightly different. Consult the SSH documentation for more details. References to ssh in this text refer to OpenSSH. Normally, when you use ssh to connect to a remote host, it will prompt you for your password. However, in order for lamboot and recon to work properly, you need to be able to execute jobs on remote nodes without typing in a password. In order to do this, you will need to set up RSA (ssh 1.x and 2.x) or DSA (ssh 2.x) authentication. We recomend using DSA authentication as it is generally "better" (i.e., more secure) than RSA authentication. As such, this text will describe the process for DSA setup -- RSA setup is analogous, but takes slightly different commands and filenames. This text will briefly show you the steps involved in doing this, but the ssh documentation is authorative on these matters should be consulted for more information. The first thing that you need to do is generate an DSA key pair to use with ssh-keygen: shell$ ssh-keygen -t dsa Accept the default value for the file in which to store the key ([$HOME/.ssh/id_dsa]) and enter a passphrase for your keypair. You may choose to not enter a passphrase and therefore obviate the need for using the ssh-agent. However, this weakens the authentication that is possible, because your secret key is potentially vulnerable to compromise because it is unencrypted. See the ssh documentation. Next, copy the $HOME/.ssh/id_dsa.pub file generated by ssh-keygen to $HOME/.ssh/authorized_keys: shell$ cd $HOME/.ssh shell$ cp id_dsa.pub authorized_keys In order for DSA authentication to work, you need to have the $HOME/.ssh directory in your home directory on all the machines you are running Open MPI on. If your home directory is on a common filesystem, this is already taken care of. If not, you will need to copy the $HOME/.ssh directory to your home directory on all Open MPI nodes (be sure to do this in a secure manner -- perhaps using the scp command), particularly if your secret key is not encrypted). ssh is very particular about file permissions. Ensure that your home directory on all your machines is set to mode 755, your $HOME/.ssh directory is also set to mode 755, and that the following files inside $HOME/.ssh have the following permissions: -rw-r--r-- authorized_keys -rw------- id_dsa -rw-r--r-- id_dsa.pub -rw-r--r-- known_hosts You are now set up to use DSA authentication. However, when you ssh to a remote host, you will still be asked for your DSA passphrase (as opposed to your normal password). This is where the ssh-agent program comes in. It allows you to type in your DSA passphrase once, and then have all successive invocations of ssh automatically authenticate you against the remote host. To start up the ssh-agent, type: shell$ eval `ssh-agent` You will probably want to start the ssh-agent before you start X, so that all your windows will inherit the environment variables set by this command. Note that some sites invoke ssh-agent for each user upon login automatically; be sure to check and see if there is an ssh-agent running for you already. Once the ssh-agent is running, you can tell it your passphrase by running the ssh-add command: shell$ ssh-add $HOME/.ssh/id_dsa At this point, if you ssh to a remote host that has the same $HOME/.ssh directory as your local one, you should not be prompted for a password. If you are, a common problem is that the permissions in your $HOME/.ssh directory are not as they should be. Note that this text has covered the ssh commands in very little detail. Please consult the ssh documentation for more information. NOTE: OSCAR users should already have passwordless-[ssh] setup, and should not need to perform any of the above steps.