On Fri, Feb 04, 2005 at 05:37:01PM -0600, Karen Shepelak wrote:
> I have met with success at getting ssh connections to work to LVS
> by running a separate sshd for the VIP on each realserver. I don't know
> if this is a normal part of the setup for the realservers or not, as I
> did not see
> any instruction about having to do this anywhere, but it certainly got
> things
> working. Also note that arp patches, arptable settings, nor noarp module,
> made any difference in getting ssh to work.
Yes, ssh does need to listen to the VIP.
Likely what is happening is that when ssh starts up,
it looks for what IP addresses are bound to the
local interfaces and listens on those addresses.
So if you subsequently bring up the VIP, it won't be listening
on that address. Either that or you have ssh set to listen
to specific addresses and the VIP isn't one of them.
In any case, yes, you need ssh to listen on the VIP for
it to accept connections on the VIP
> Though I am finally able to ssh to LVS, I am now encountering a
> new battle.
> To complete our LVS configuration, we need to have LVS working with
> kerberos and opensafs (also installed on our machines). So now, though I am
> finally able to ssh to LVS, I am seeing that we are not able to create
> afs tokens.
> We have narrowed down this new problem to our version of ssh:
> OpenSSH_3.5p1f1.
> Error we get is:
>
> [karen@neptune karen]$ ssh -l shepelak minos-lvs01
>
> Last login: Fri Feb 4 16:34:23 2005 from linux-test.fnal.gov
> aklog: Couldn't get fnal.gov AFS tickets:
> aklog: unknown RPC error (-1765328346) while getting AFS tickets
> /usr/X11R6/bin/xauth: timeout in locking authority file
> /afs/fnal.gov/files/home/room3/shepelak/.Xauthority
> Terminal type is xterm
> There are no available articles.
> /bin/touch: creating `/afs/fnal.gov/files/home/room3/shepelak/.Info':
> Permission denied
> <minos09>
>
> Any of you out there running LVS with kerberos, openafs and openssh on your
> LTS303 linux machines?
> Thanks for any help,
Ok, there seem to be a few problems there.
1. xauth isn't working. You should probably just turn off xforwarding in
your sshd config rather than make xauth work.
2. You user doesn't have permission to access
/afs/fnal.gov/files/home/room3/shepelak/.Info
--
Horms
|