Re: SSH health checking with ldirectord

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: SSH health checking with ldirectord
From: Roberto Nibali <ratz@xxxxxxxxxxxx>
Date: Mon, 05 Mar 2007 17:21:35 +0100
Hi Sal,

Would an http check work for SSH?

No, I goofed. Didn't read your email seriously enough; my apologies.

Doesn't seem like it would. SSH spits
out the version string when you connect, then, I believe the client
spits out it's identification string (The RFC doesn't really say what
that should be) then they go to a 'packet based binary protocol', so I
don't think I can parse the return from the server at that point,


assuming I can figure out what a correct client string is (perhaps with
packet sniffing)

New question: What more do you expect to get from connecting to sshd with a custom health check than with the port check?

Well, it does not seem to be a message created/logged directly by ldirectord, but rather something like the identd. If you don't want this message, you have two options:

Well, it's ssh logging through syslog because ssh sees it as unusual and
worthy of noting that someone connected to the port then dropped the
connection. I would normally want these messages, just not from the
directors. I guess I'll read up on syslog filtering. Never needed to do
it before, so I never even thought of this option. Thanks!

If you deploy syslog-ng (recommended anyway) it's dead simple. I'll gladly help you configuring it if you don't get it running, at least to remedy my previous lapse :)

Best regards,
Roberto Nibali, ratz
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

<Prev in Thread] Current Thread [Next in Thread>