HPE Community
Operating System - HP-UX
1830978 Members
2015 Online
110018 Solutions
New Discussion

using ssh in ha-environment with mc service-guard

 
SOLVED
Go to solution
Martin Christov
Advisor

‎07-07-2003 05:55 AM

‎07-07-2003 05:55 AM

using ssh in ha-environment with mc service-guard

Hi all,
I am going to introduce ssh/scp in my network with several mcsg-cluster. For my cron-Jobs I need remote-access via null-ssh-password. Everything works fine but if I use the relocatable hostname/IPA after the mcsg-package-switch I am not able to access the remote host without manual interaction:
- I have to remove the line from known_hosts
- I have to answer "yes" (see below)
ssh rdbcid88 date
The authenticity of host 'rdbcid88 (192.168.1.57)' can't be established.
RSA key fingerprint is fe:7b:8f:32:e6:b9:ca:6d:e3:ee:8b:2b:17:7f:0f:51.
Are you sure you want to continue connecting (yes/no)?

...

Following trick produce the same problem:
print "ssh rdbcid88 date <<-EOF\nyes\nEOF" > /var/tmp/ssh.exe
chmod 750 /var/tmp/ssh.exe
cat /var/tmp/ssh.exe
ssh rdbcid88 date <<-EOF
yes
EOF

Any Ideas how to "autoinsert" yes to the above question or how to handle mcsg-ha-environment with ssh?

Thank in advance for your reply
Regards:
Martin
sudo question
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎07-07-2003 06:02 AM

‎07-07-2003 06:02 AM

Re: using ssh in ha-environment with mc service-guard

I am attaching a more complete document to help with password free connection.

I do not think this is a serviceguard issue. I think its likely a permissions issue with the process by which you exchanged public keys.

This document covers this topic and works equally well on many Linux distributions with openssh.

As always, though I'd recommend being on 3.50 of Secure shell, the HP deopots.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Martin Christov
Advisor

‎07-07-2003 06:18 AM

‎07-07-2003 06:18 AM

Re: using ssh in ha-environment with mc service-guard

Hello Steven,
thanks for your reply!
I didn't found any new information for me in yout attached document. The described procedure was also followed by me several weeks ago.
My configuration works fine with "null-password" with the stationary hostname/IPA of all mcsg-cluster-nodes.
I think the problem is the relocatable hostname/IPA.
My configuration works fine also with the relocatable hostname/IPA until the package switch occurs.
Regards:
Martin
sudo question
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎07-07-2003 07:21 AM

‎07-07-2003 07:21 AM

Solution

Re: using ssh in ha-environment with mc service-guard

Try putting the same ssh-host-key on both hosts. Then they will look the same to the ssh authentication mechanism.

You will need to copy ssh_host_key, ssh_host_dsa_key, and ssh_host_rsa_key, as well as restarting sshd.
Reply
Brian Markus
Valued Contributor

‎07-07-2003 08:42 PM

‎07-07-2003 08:42 PM

Re: using ssh in ha-environment with mc service-guard

I had a strange issue somewhat simular that was fixed by updateing ssh. Check your version and patch level.

If you want to "autoinsert" any text, you could try using "expect".

Hope this helps.


-Brian.
When a sys-admin say's maybe, they don't mean 'yes'!
0 Kudos
Reply
Martin Christov
Advisor

‎07-08-2003 01:37 AM

‎07-08-2003 01:37 AM

Re: using ssh in ha-environment with mc service-guard

Hi Bill,

it works!

################

Hi Brian,
thanks for your proposal.

I am using the current version of hp-ssh:
T1471AA A.03.50.000 HP-UX Secure Shell
The patchlevel of client and server is also current.

Could you please explain where (and how) to activate the "expect"-feature:
- on client or server?
- file?

Thanks in advance!
Regards:
Martin
sudo question
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.