Re: SSH IP binding problem
From: Ramin Dousti (ramin_at_cannon.eng.us.uu.net)
Date: 07/09/03
- Previous message: ricardobastos: "SSH IP binding problem"
- In reply to: ricardobastos: "SSH IP binding problem"
- Next in thread: Tech: "Re: SSH IP binding problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Jul 2003 13:58:25 -0400
To: ricardobastos <ricardobastos@netcabo.pt>
Is qfe1:1 a permanent setup on the machines or does it get created when
needed? If it's permanent you should have no problems whatsoever. So I
take it that it's not. In that case do you have a post-setup hook to the
process which brings up/down the subinterface? If so, just put the
startup/stop script for sshd there. Also, vrrp might help you here...
Ramin
On Wed, Jul 09, 2003 at 03:42:35PM +0100, ricardobastos wrote:
> Hello all,
>
> I am using OpenSSH 3.6 p2 on 2 Solaris 8 boxes.
>
> The SSH, on each machine, is set to listen on 2 different addresses, let's say IP1 and IP2. Each of these IP addresses are used by 2 different interfaces, let us say IF1 and IF2. The problem arises because IF1 is physical (qfe0), on each machine, and IF2 is not (qfe1:1). This would not be a problem if IF2 would be always available, which is not true. IF2 is a virtual interface, controlled by the cluster (Sun Cluster 3.0), and moves from one machine to another. In fact, the problem arises when the SSH daemon is started in one of the machines and the IF2 resource is available on the other machine. SSH daemon will not bind to IP2.port, and so, will not listen on that interface, even if, later on, IF2 is set to work on that machine.
>
> "Graphically", it would be something like this:
>
>
> Machine1                                  Machine2
>
> Solaris 8                                 Solaris 8
> SSH                                       SSH
>
> IF1 (qfe0)                                IF1 (qfe0)
>
> <----------------IF2:qfe1:1--------------->
>
>
> SSH on IF1 must be available on both machines, ALL the time.
> SSH on IF2 must be available in, at least, one of the machines.
>
> Let's imagine that I start the SSH daemon on Machine 2 and IF2 is given to Machine 1. SSH will not bind to IP2.port, because IF2 is not there. Now imagine that, for some reason, the cluster gives IF2 to Machine 2. SSH daemon is not aware of that and will not, still, listen on IP2.port... unless I do "pkill -HUP sshd" (to make SSH daemon aware of IF2), which I shouldn't because I should keep IF1 available ALL the time.
>
> I would like to have some help on this. I mean, to have suggestions regarding the problem. I have some things on my mind, although all of them have advantages and fallbacks:
>
> 1) to make the cluster scalable for IF2, so it will be available on both machines at the same time. The problem with this is that Machine 2 should hold the connections on IF2, only if Machine 1 fails. Load balancing is not the purpose in here.
>
> 2) to have 2 instances of SSH on each machine, each of them listening on a different address. Then I would force the cluster to move the SSH daemon bound to IP2.port along with IF2. I do not really know if this is possible, especially because I use tcp wrappers and I would need to reference the "sshd" service, on each machine, independently.
>
> 3) to force IF2 to be on each machine, whenever I start each SSH daemon. This one is a really dirty workaround.
>
>
>
> I am taking suggestions, comments, any help I can get.
>
>
>
> Thanks in advance to all that got to this part of the mail. :)
>
> Cheers,
> Ricardo
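
The hook suggested in the reply, combined with the second-instance idea from option 2, could look like the sketch below. It is an added example, not code from either poster. It assumes a POSIX shell, a primary sshd whose ListenAddress lists only IP1, and hypothetical values for the floating address, the sshd path, the second config file and its pid file.

```shell
#!/bin/sh
# Added example: keep a second sshd, bound only to the floating address, in step
# with where the cluster placed it. Address and paths below are assumptions.
FLOAT_IP="${FLOAT_IP:-192.0.2.20}"                  # stands in for IP2
SSHD="${SSHD:-/usr/local/sbin/sshd}"
CONF="${CONF:-/usr/local/etc/sshd_config_float}"    # ListenAddress IP2, PidFile below
PIDFILE="${PIDFILE:-/var/run/sshd_float.pid}"

# Succeeds if $1 is listed as an "inet" address in ifconfig output on stdin.
ip_is_local() {
    while read -r key addr rest; do
        [ "$key" = "inet" ] && [ "$addr" = "$1" ] && return 0
    done
    return 1
}

# Succeeds if the pid file names a live process.
float_sshd_running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

# Prints start, stop or none. $1: address is local (yes/no); $2: instance runs (yes/no).
decide_action() {
    case "$1:$2" in
        yes:no) echo start ;;
        no:yes) echo stop ;;
        *)      echo none ;;
    esac
}

# Reconcile the second instance; the primary sshd on IF1 is never signalled.
sync_float_sshd() {
    have=no; run=no
    if ifconfig -a | ip_is_local "$FLOAT_IP"; then have=yes; fi
    if float_sshd_running; then run=yes; fi
    case "$(decide_action "$have" "$run")" in
        start) "$SSHD" -f "$CONF" ;;
        stop)  kill "$(cat "$PIDFILE")" ;;
    esac
}

# Constructed sample of "ifconfig -a" output, for checking ip_is_local offline.
SAMPLE_IFCONFIG='qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.11 netmask ffffff00 broadcast 192.0.2.255
qfe1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.0.2.20 netmask ffffff00 broadcast 192.0.2.255'

# Call with "sync" from the hook that runs after the address moves.
if [ "${1:-}" = "sync" ]; then sync_float_sshd; fi
```

Because the script compares the observed state with the wanted one, the same "sync" call can be used both when the address arrives and when it leaves.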