Cluster: Another ssh port, firewall enabled

chencho
Nov 25, 2010
Hi all.

I'm interested in creating a node for my servers.

I have disabled root login and changed the ssh port to another one (not 22).

Then, on the principal node, I run pveca -c and it works.

I go to server2, run "pveca -a -h IP1" and it fails.

No matter, I change to

ssh -pNewPort IP1 /usr/bin/pveca -a 'IP2' ... and permit root login once, and on server1 I see:

pveca -l
1 : IP1 M S 77 days 21:01 0.02 26% 14%
2 : IP2 N ERROR: 500 Can't connect to 127.0.0.1:50000

Any way to enable a different ssh port and a non-root user?
 
I have changed the ssh port and web ports on my systems.
To do this and have the cluster still working I adapted the following.

For the web:
In /etc/apache2/ports.conf I deleted the 2 ports and added a Listen line for the port I chose, i.e. Listen 9999
In /etc/apache2/sites-available/pve.conf I changed the <VirtualHost *:443> to <VirtualHost *:9999>
restarted apache
and connect to https://your.server.com:9999

For the ssh:
In /etc/ssh/sshd_config I changed the ssh port, i.e. Port 22 to Port 9998
restarted sshd
And then in /etc/ssh/ssh_config I changed the commented line #Port 22 to Port 9998, i.e. uncommented it and changed the default port.

You will have to connect with ssh -p 9998 your.server.com, and if you want to connect to other machines from your server you will have to use ssh -p 22 regular.server.com, since it will always default to 9998 after this change; but between your cluster servers everything works.

I haven't yet been able to change to a non-root login, so I still use ssh root logins.

Hope this helps (although this is a late reply, sorry, I just joined).
 
OK, I was thinking a bit and the solution is kinda simple. I now have no remote root login allowed, but I didn't set PermitRootLogin to no; I left it on yes and limited root access to the local cluster IPs by adding a line in sshd_config

on server 1

AllowUsers root@123.123.123.2 root@123.123.123.3 me

on server 2

AllowUsers root@123.123.123.1 root@123.123.123.3 me

on server 3

AllowUsers root@123.123.123.1 root@123.123.123.2 me

and restarted sshd

This way I can connect from anywhere as me (ssh -l me 123.123.123.1, 2 or 3), but only as me, so not as root.
And the machines can connect to each other as root.
From the machines I can ssh as root from one to another without problems.

Hope this solves your problem.
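The two sshd changes described in the replies above (the non-default Port and the per-node AllowUsers line that lets root in only from the other cluster members) are easy to get wrong by hand on three machines, and a typo in AllowUsers locks you out on the next sshd restart. The script below is an added example, not code from the thread or from Proxmox: it generates the AllowUsers line for a given node from one list of cluster IPs, emits per-host Host stanzas for /etc/ssh/ssh_config (an alternative to the global Port change in the reply, so that ssh to non-cluster hosts keeps using port 22), and checks a candidate sshd_config with sshd's own parser before it is installed. The IPs 123.123.123.1-3, port 9998 and the user "me" are the placeholders from the posts, not real infrastructure.

```shell
#!/bin/sh
# Added example (not from the forum posts or from Proxmox): build the
# per-node sshd_config AllowUsers line and the per-host ssh_config stanzas
# for the scheme described in the thread.
# Placeholders: the node IPs, the port and the admin user are the values
# used in the posts, not a real cluster.

CLUSTER_NODES="123.123.123.1 123.123.123.2 123.123.123.3"   # constructed sample
CLUSTER_SSH_PORT=9998
ADMIN_USER=me

# allow_users_line THIS_NODE_IP
# Prints the AllowUsers line for the node at THIS_NODE_IP: root may log in
# only from the *other* cluster members (user@host patterns are matched
# against the client's source address), while the admin account may log in
# from anywhere. Any user not listed is refused regardless of credentials.
allow_users_line() {
    this="$1"
    line="AllowUsers"
    for ip in $CLUSTER_NODES; do
        [ "$ip" = "$this" ] && continue
        line="$line root@$ip"
    done
    printf '%s %s\n' "$line" "$ADMIN_USER"
}

# ssh_config_stanzas
# Prints one Host stanza per cluster node for /etc/ssh/ssh_config, so that
# only connections to cluster members use the non-default port and
# "ssh regular.server.com" still defaults to 22. This replaces the global
# "Port 9998" mentioned in the reply.
ssh_config_stanzas() {
    for ip in $CLUSTER_NODES; do
        printf 'Host %s\n    Port %s\n\n' "$ip" "$CLUSTER_SSH_PORT"
    done
}

# check_sshd_config FILE
# Validates a candidate sshd_config with "sshd -t" (test mode) before it is
# copied into place, so a malformed AllowUsers or Port line is caught while
# the running sshd still accepts you. Returns sshd's exit status, or 2 when
# sshd is not installed on the machine running the script.
check_sshd_config() {
    if ! command -v sshd >/dev/null 2>&1; then
        echo "sshd not found; cannot validate $1" >&2
        return 2
    fi
    sshd -t -f "$1"
}
```

Usage on a node: source the script, append `allow_users_line <this node's IP>` to a copy of sshd_config (together with the `Port 9998` line), run `check_sshd_config` on that copy, and only then move it into /etc/ssh/sshd_config and restart sshd; `ssh_config_stanzas >> /etc/ssh/ssh_config` covers the client side. Keep a second session open while restarting sshd so a mistake does not cost you the box.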