[Gluster-users] Geo-rep failing

Csaba Henk csaba at gluster.com
Tue Jul 5 22:28:23 UTC 2011


Greg,

What you say sounds interesting. While the supported / suggested way
is to store the auth key at /etc/glusterd/geo-replication/secret.pem,
I don't see any reason why the "standard" ~/.ssh/id_rsa would not work
(I mean, *I* don't see, not that I doubt your experience). If you can
shed some light on the nature of this mis-setup, that would be a big
help for us.

For the record, it seems that using another key file via "-i"
does not prevent ssh from also looking for the keys at the standard locations:

ssh -i /tmp/foo.key -v  localhost
Warning: Identity file /tmp/foo.key not accessible: No such file or directory.
OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /home/csaba/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: auto-mux: Trying existing master
debug1: Control socket "/tmp/ssh-csaba@localhost:22" does not exist
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/csaba/.ssh/id_rsa type 1
debug1: identity file /home/csaba/.ssh/id_rsa-cert type -1
debug1: identity file /home/csaba/.ssh/id_dsa type -1
debug1: identity file /home/csaba/.ssh/id_dsa-cert type -1
debug1: identity file /home/csaba/.ssh/id_ecdsa type -1
debug1: identity file /home/csaba/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f4:83:****:79
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/csaba/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/csaba/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/csaba/.ssh/id_dsa
debug1: Trying private key: /home/csaba/.ssh/id_ecdsa
debug1: Next authentication method: password
csaba@localhost's password:

Csaba

On Fri, Jul 1, 2011 at 8:38 PM,  <Greg_Swift at aotx.uscourts.gov> wrote:
> So... this is a trap I fell into.
>
> Are you sshing between all the boxes using the default identity file (like
> ~/.ssh/id_rsa)
>
> or
>
> Are you sshing between all the boxes using the identity file you created
> for geo-replication that is stored
> in: /etc/glusterd/geo-replication/secret.pem?
>
> This second one is apparently the correct way.  It took support correcting
> me to fix that for me.
>
> -greg
>
> gluster-users-bounces at gluster.org wrote on 06/30/2011 09:43:03 AM:
>
>>
>> Yes I can ssh between all the boxes without password as root.
>>
>>
>> On 30 Jun 2011, at 15:27, Csaba Henk wrote:
>>
>> > It seems that the connection gets dropped (or not even able to
>> > establish). Is the ssh auth set up properly from the second volume?
>> >
>> > Csaba
>
>
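
An added example, not part of the original thread and not Gluster code: a small Python check that reads `ssh -v` output and reports which key files the client actually attempted, so a geo-replication setup that authenticates with ~/.ssh/id_rsa rather than the key passed via "-i" becomes visible. The name `audit_trace` and the report fields are hypothetical; the sample input is abridged from the trace quoted above.

```python
import re

# Abridged from the `ssh -i /tmp/foo.key -v localhost` trace quoted in the message above.
SAMPLE_TRACE = """\
Warning: Identity file /tmp/foo.key not accessible: No such file or directory.
debug1: identity file /home/csaba/.ssh/id_rsa type 1
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/csaba/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/csaba/.ssh/id_dsa
debug1: Trying private key: /home/csaba/.ssh/id_ecdsa
debug1: Next authentication method: password
"""

INACCESSIBLE = re.compile(r"^Warning: Identity file (\S+) not accessible")
# Older clients print "Offering RSA public key: PATH"; newer ones "Offering public key: PATH ...".
ATTEMPT = re.compile(r"^debug1: (?:Offering (?:\S+ )?public key|Trying private key): (\S+)")
PASSWORD = re.compile(r"^debug1: Next authentication method: password")


def audit_trace(trace, intended):
    """Report which key files ssh attempted, relative to the one passed with -i."""
    report = {"intended_inaccessible": False, "intended_attempted": False,
              "other_keys": [], "password_fallback": False}
    for line in trace.splitlines():
        line = line.strip()
        m = INACCESSIBLE.match(line)
        if m and m.group(1) == intended:
            report["intended_inaccessible"] = True
            continue
        m = ATTEMPT.match(line)
        if m:
            path = m.group(1)
            if path == intended:
                report["intended_attempted"] = True
            elif path not in report["other_keys"]:
                report["other_keys"].append(path)  # a key other than the -i one was used
        elif PASSWORD.match(line):
            report["password_fallback"] = True
    return report


if __name__ == "__main__":
    for field, value in audit_trace(SAMPLE_TRACE, "/tmp/foo.key").items():
        print(f"{field}: {value}")
```

A non-empty `other_keys` list together with `intended_attempted: False` means the passwordless login that appeared to work was not using the geo-replication key.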


