Alright, personally I always prefer
RermitRootLogon nopwd
Over the option you've outlined. This plugs up some security holes.
>From each server which needs to accept SSH requests, ssh FROM them into your
monitoring system. (your LVS, from what it sounds like) Do this as root so
that the keys from your LVS are stored in root's known_hosts file. (Be sure
you answer yes to any question asking you to save the file)
Now try sshing (manually, once again) from your monitoring system into a
server you want to SSH into. Do this as root, once again, so that its key
file can be stored on your monitoring system's root's known_hosts file. (Be
sure you answer yes to any question asking yout o save the file)
After doing all of this -- ssh SHOULD work.
All the best --
Ted
----- Original Message -----
From: "Pietro Ravasio" <pietro.ravasio@xxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, September 27, 2000 12:58 PM
Subject: Semi-OT: ssh configuration for LVS
> Hi,
>
> sorry for this new (semi) OT: I'm trying to use "weighted least
connection"
> algorithm with LVS, I don't want to use rsh or ruptime tools, but ssh
> doesn't seem to work (my lvs.cf configuration: rsh_command=ssh,
> load_monitor=uptime).
>
> I'm using openSSH 2.2.0, and I've configured it as follows:
> PermitRootLogin yes
> IgnoreRhosts no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
>
> I've added /root/.shosts file and filled it with "lvs_ip_address root"
entries.
>
> If I set "RSAAuthentication yes" ssh server cotinues asking me my RSA key
> password even if I'm trying to connect from a "known" (=present in
> /root/.shosts file) host, if I set "RSAAuthentication no" ssh server
> replies me "permission denied".
>
> As a result, in /var/log/messages i find a lot of messages of this kind:
> Sep 26 19:19:43 lvs1 nanny[1708]: The following exited abnormally:
> Sep 26 19:19:43 lvs1 nanny[1708]: running command "ssh" "172.16.0.22"
"uptime"
> Sep 26 19:19:43 lvs1 nanny[1708]: failed to read remote load
>
> Where I'm going wrong?
> Pietro Ravasio
>
> P.S.: I'm running ssh server via inetd and have added right entries in
> /etc/hosts.allow and hosts.deny files.
>
>
>
>
|