Re: ssh service using lvs-dr

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: ssh service using lvs-dr
From:	Horms <horms@xxxxxxxxxxxx>
Date:	Tue, 8 Feb 2005 16:42:23 +0900

On Fri, Feb 04, 2005 at 05:37:01PM -0600, Karen Shepelak wrote:
>     I have met with success at getting ssh connections to work to LVS
> by running a separate sshd for the VIP on each realserver. I don't know
> if this is a normal part of the setup for the realservers or not, as I 
> did not see
> any instruction about having to do this anywhere, but it certainly got 
> things
> working. Also note that arp patches, arptable settings, nor noarp module,
> made any difference in getting ssh to work.

Yes, ssh does need to listen to the VIP.
Likely what is happening is that when ssh starts up,
it looks for what IP addresses are bound to the
local interfaces and listens on those addresses.
So if you subsequently bring up the VIP, it won't be listening
on that address. Either that or you have ssh set to listen
to specific addresses and the VIP isn't one of them.

In any case, yes, you need ssh to listen on the VIP for
it to accept connections on the VIP

>     Though I am finally able to ssh to LVS,  I am now encountering a 
> new battle.
> To complete our LVS configuration, we need to have LVS working with
> kerberos and opensafs (also installed on our machines). So now, though I am
> finally able to ssh to LVS, I am seeing that we are not able to create 
> afs tokens.
> We have narrowed down  this new problem to our version of ssh: 
> OpenSSH_3.5p1f1.
> Error we get is:
> 
> [karen@neptune karen]$ ssh -l shepelak minos-lvs01
> 
> Last login: Fri Feb  4 16:34:23 2005 from linux-test.fnal.gov
> aklog: Couldn't get fnal.gov AFS tickets:
> aklog: unknown RPC error (-1765328346) while getting AFS tickets
> /usr/X11R6/bin/xauth:  timeout in locking authority file 
> /afs/fnal.gov/files/home/room3/shepelak/.Xauthority
> Terminal type is xterm
> There are no available articles.
> /bin/touch: creating `/afs/fnal.gov/files/home/room3/shepelak/.Info': 
> Permission denied
> <minos09>
> 
> Any of you out there running LVS with kerberos, openafs and openssh on your 
> LTS303 linux machines? 
> Thanks for any help,

Ok, there seem to be a few problems there.

1. xauth isn't working. You should probably just turn off xforwarding in
   your sshd config rather than make xauth work.

2. You user doesn't have permission to access
   /afs/fnal.gov/files/home/room3/shepelak/.Info

-- 
Horms

<Prev in Thread]	Current Thread	[Next in Thread>
ssh service using lvs-dr, Karen Shepelak Re: ssh service using lvs-dr, Joseph Mack Re: ssh service using lvs-dr, Joseph Mack Re: ssh service using lvs-dr, Karen Shepelak Re: ssh service using lvs-dr, Karen Shepelak Re: ssh service using lvs-dr, Joseph Mack Re: ssh service using lvs-dr, Karen Shepelak Re: ssh service using lvs-dr, Joseph Mack Re: ssh service using lvs-dr, Matthew R. Kivela Re: ssh service using lvs-dr, Horms <= Re: ssh service using lvs-dr, Karen Shepelak Re: ssh service using lvs-dr, Joseph Mack Re: ssh service using lvs-dr, Joseph Mack

Previous by Date:	Re: heartbeat feature request: "Noisy" gratuitous arp, Horms
Next by Date:	Re: Error building 2.6.10 kernel with ip_vs_nfct patch - does anyone else get this?, Horms
Previous by Thread:	Re: ssh service using lvs-dr, Matthew R. Kivela
Next by Thread:	Re: ssh service using lvs-dr, Karen Shepelak
Indexes:	[Date] [Thread] [Top] [All Lists]