[Gluster-users] Geo-rep failing

Greg_Swift at aotx.uscourts.gov Greg_Swift at aotx.uscourts.gov
Tue Jul 12 13:40:00 UTC 2011 

sorry.. was out of the office...

I'm not sure why its the case, and to be honest, it did occasionally seem
to work for me with it in the ~/.ssh path.  however its consistently worked
with it in the /etc/glusterd/geo-replication path, which is where both
support and the document said to put it.  So as to why? i have no idea.

-greg


gluster-users-bounces at gluster.org wrote on 07/05/2011 05:28:23 PM:

> what you say sounds interesting. While the supported / suggested way
> is to store the auth key at
> /etc/glusterd/geo-replication/secret.pem, I don't see any reason why
> the "standard" ~/.ssh/id_rsa
> would not work (I mean, *I* don't see, not that I doubt your
> experience). If you can shed some light
> on the nature of this mis-setup, that would be a big help for us.
>
> For the record, it seems that using another key file via "-i"
> does not prevent ssh to look for the keys also at the standard locations:
>
> ssh -i /tmp/foo.key -v  localhost
> Warning: Identity file /tmp/foo.key not accessible: No such file or
directory.
> OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011
> debug1: Reading configuration data /home/csaba/.ssh/config
> debug1: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: auto-mux: Trying existing master
> debug1: Control socket "/tmp/ssh-csaba at localhost:22" does not exist
> debug1: Connecting to localhost [::1] port 22.
> debug1: Connection established.
> debug1: identity file /home/csaba/.ssh/id_rsa type 1
> debug1: identity file /home/csaba/.ssh/id_rsa-cert type -1
> debug1: identity file /home/csaba/.ssh/id_dsa type -1
> debug1: identity file /home/csaba/.ssh/id_dsa-cert type -1
> debug1: identity file /home/csaba/.ssh/id_ecdsa type -1
> debug1: identity file /home/csaba/.ssh/id_ecdsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
> debug1: match: OpenSSH_5.8 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.8
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ECDSA f4:83:****:79
> debug1: Host 'localhost' is known and matches the ECDSA host key.
> debug1: Found key in /home/csaba/.ssh/known_hosts:3
> debug1: ssh_ecdsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/csaba/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /home/csaba/.ssh/id_dsa
> debug1: Trying private key: /home/csaba/.ssh/id_ecdsa
> debug1: Next authentication method: password
> csaba at localhost's password:
>
> Csaba
>
> On Fri, Jul 1, 2011 at 8:38 PM,  <Greg_Swift at aotx.uscourts.gov> wrote:
> > So... this is a trap i fell into.
> >
> > Are you sshing between all the boxes using the default identity file
(like
> > ~/.ssh/id_rsa)
> >
> > or
> >
> > Are you sshing between all the boxes using the identity file you
created
> > for geo-replication that is stored
> > in: /etc/glusterd/geo-replication/secret.pem?
> >
> > This second one is apparently the correct way.  It took support
correcting
> > me to fix that for me.
> >
> > -greg
> >
> > gluster-users-bounces at gluster.org wrote on 06/30/2011 09:43:03 AM:
> >
> >>
> >> Yes I can ssh between all the boxes without password as root.
> >>
> >>
> >> On 30 Jun 2011, at 15:27, Csaba Henk wrote:
> >>
> >> > t seems that the connection gets dropped (or not even able to
> >> > establish). Is the ssh auth set up properly from the second volume?
> >> >
> >> > Csaba
> >
> >
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://gluster.org/cgi-bin/mailman/listinfo/gluster-users

More information about the Gluster-users mailing list