Re: Semi-OT: ssh configuration for LVS

To:	<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, "Pietro Ravasio" <pietro.ravasio@xxxxxxxxxxxxx>
Subject:	Re: Semi-OT: ssh configuration for LVS
From:	"Ted Pavlic" <tpavlic@xxxxxxxxxxx>
Date:	Thu, 28 Sep 2000 06:03:52 -0400

Alright, personally I always prefer

RermitRootLogon nopwd

Over the option you've outlined. This plugs up some security holes.

>From each server which needs to accept SSH requests, ssh FROM them into your
monitoring system. (your LVS, from what it sounds like) Do this as root so
that the keys from your LVS are stored in root's known_hosts file. (Be sure
you answer yes to any question asking you to save the file)

Now try sshing (manually, once again) from your monitoring system into a
server you want to SSH into. Do this as root, once again, so that its key
file can be stored on your monitoring system's root's known_hosts file. (Be
sure you answer yes to any question asking yout o save the file)

After doing all of this -- ssh SHOULD work.

All the best --
Ted

----- Original Message -----
From: "Pietro Ravasio" <pietro.ravasio@xxxxxxxxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, September 27, 2000 12:58 PM
Subject: Semi-OT: ssh configuration for LVS


> Hi,
>
> sorry for this new (semi) OT: I'm trying to use "weighted least
connection"
> algorithm with LVS, I don't want to use rsh or ruptime tools, but ssh
> doesn't seem to work (my lvs.cf configuration: rsh_command=ssh,
> load_monitor=uptime).
>
> I'm using openSSH 2.2.0, and I've configured it as follows:
> PermitRootLogin yes
> IgnoreRhosts no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
>
> I've added /root/.shosts file and filled it with "lvs_ip_address root"
entries.
>
> If I set "RSAAuthentication yes" ssh server cotinues asking me my RSA key
> password even if I'm trying to connect from a "known" (=present in
> /root/.shosts file) host, if I set "RSAAuthentication no" ssh server
> replies me "permission denied".
>
> As a result, in /var/log/messages i find a lot of messages of this kind:
> Sep 26 19:19:43 lvs1 nanny[1708]: The following exited abnormally:
> Sep 26 19:19:43 lvs1 nanny[1708]: running command  "ssh" "172.16.0.22"
"uptime"
> Sep 26 19:19:43 lvs1 nanny[1708]: failed to read remote load
>
> Where I'm going wrong?
> Pietro Ravasio
>
> P.S.: I'm running ssh server via inetd and have added right entries in
> /etc/hosts.allow and hosts.deny files.
>
>
>
>

<Prev in Thread]	Current Thread	[Next in Thread>
Semi-OT: ssh configuration for LVS, Pietro Ravasio Re: Semi-OT: ssh configuration for LVS, Ted Pavlic <= Re: Semi-OT: ssh configuration for LVS, Pietro Ravasio Re: Semi-OT: ssh configuration for LVS, Keith Barrett Re: Semi-OT: ssh configuration for LVS, Pietro Ravasio

Previous by Date:	Semi-OT: ssh configuration for LVS, Pietro Ravasio
Next by Date:	Re: Semi-OT: ssh configuration for LVS, Pietro Ravasio
Previous by Thread:	Semi-OT: ssh configuration for LVS, Pietro Ravasio
Next by Thread:	Re: Semi-OT: ssh configuration for LVS, Pietro Ravasio
Indexes:	[Date] [Thread] [Top] [All Lists]