Cluster synchronisation with a changed SSH port

Hello,

how can I run the cluster synchronisation with a changed SSH port? SSH is not on port 22 in our setup.
 
This isn't explicitly supported as a setup, and I haven't tried it myself yet, but I would try creating a suitable ssh client config (system-wide or for the root user) so that the connection between the cluster nodes goes over your alternative port.

I'd be grateful for feedback on whether that works
 
Hello @Stoiko Ivanov

with an SSH client configuration for root (~/.ssh/config) it seems to work. The connect works in any case.

Only the log still shows
Code:
database sync 'pmg2' failed - DBI connect('dbname=Proxmox_ruledb;host=/run/pmgtunnel;port=3;','root',...) failed: connection to server on socket "/run/pmgtunnel/.s.PGSQL.3" failed: No such file or directory
    Is the server running locally and accepting connections on that socket? at /usr/share/perl5/PMG/DBTools.pm line 66.
 
was pmgtunnel restarted (or maybe just both PMG instances right away)?
 
Yes, both restarted ( pmgtunnel restart ), but the error still occurs
 
what does the journal say about pmgmirror and pmgtunnel?
 
Code:
Feb 06 09:16:06 pmg1 pmgmirror[1061]: received signal HUP
Feb 06 09:16:06 pmg1 pmgmirror[1061]: server shutdown (restart)
Feb 06 09:16:07 pmg1 pmgmirror[1061]: restarting server
Feb 06 09:17:18 pmg1 pmgmirror[1061]: received signal HUP
Feb 06 09:17:18 pmg1 pmgmirror[1061]: server shutdown (restart)
Feb 06 09:17:19 pmg1 pmgmirror[1061]: restarting server
Feb 06 09:19:19 pmg1 pmgmirror[1061]: starting cluster synchronization
Feb 06 09:19:19 pmg1 pmgmirror[1061]: database sync 'pmg2' failed - DBI connect('dbname=Proxmox_ruledb;host=/run/pmgtunnel;port=3;','root',...) failed: connection to server on socket "/run/pmgtunnel/.s.PGSQL.3" failed: No such file or directory Is the server running locally and accepting connections on that socket? at /usr/share/perl5/PMG/DBTools.pm line 66.
Feb 06 09:19:19 pmg1 pmgmirror[1061]: cluster synchronization finished  (1 errors, 0.02 seconds (files 0.00, database 0.02, config 0.00))

and

Code:
journalctl _PID=694 --since "2024-02-06 9:14:00"
Feb 06 09:14:06 pmg1 pmgtunnel[694]: restarting crashed tunnel 847656 95.216.249.228
Feb 06 09:14:39 pmg1 pmgtunnel[694]: received signal HUP
Feb 06 09:14:39 pmg1 pmgtunnel[694]: server shutdown (restart)
Feb 06 09:14:40 pmg1 pmgtunnel[694]: restarting server
Feb 06 09:14:40 pmg1 pmgtunnel[694]: starting tunnel 847748 95.216.249.228
Feb 06 09:16:51 pmg1 pmgtunnel[694]: tunnel finished 847748 95.216.249.228
Feb 06 09:17:09 pmg1 pmgtunnel[694]: restarting crashed tunnel 848196 95.216.249.228
Feb 06 09:19:18 pmg1 pmgtunnel[694]: tunnel finished 848196 95.216.249.228
Feb 06 09:19:28 pmg1 pmgtunnel[694]: restarting crashed tunnel 848756 95.216.249.228
 
Hm, here the whole thing seems to work. A few things that may be a little different than some time ago, and further checks:
* With bookworm (which PMG8 is based on), ssh uses socket activation in the default case, meaning the config change has to be made in the systemd socket file:
Code:
# /etc/systemd/system/ssh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=2200

* the best way to check this is `ss -tlnp`, which shows where ssh is actually listening
* for testing it is also worth looking at `ssh -vvv <ip.of.the.other.node>`
 
Hm, here the whole thing seems to work. A few things that may be a little different than some time ago, and further checks:
* With bookworm (which PMG8 is based on), ssh uses socket activation in the default case, meaning the config change has to be made in the systemd socket file:
Code:
# /etc/systemd/system/ssh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=2200
The file is not present on either system.
Code:
$ > systemctl status ssh.socket
○ ssh.socket - OpenBSD Secure Shell server socket
     Loaded: loaded (/lib/systemd/system/ssh.socket; disabled; preset: enabled)
     Active: inactive (dead)
   Triggers: ● ssh.service
     Listen: [::]:22 (Stream)
* the best way to check this is `ss -tlnp`, which shows where ssh is actually listening
SSH is on port 2222

Code:
[07.02.24 09:01:05] root ➤ pmg1 in ~
$ > ss -tulpen|grep ssh
tcp   LISTEN 0      128                              0.0.0.0:2222       0.0.0.0:*    users:(("sshd",pid=573118,fd=3)) ino:4759199 sk:2006 cgroup:/system.slice/ssh.service <->                                                                                                                                       
tcp   LISTEN 0      128                                 [::]:2222          [::]:*    users:(("sshd",pid=573118,fd=4)) ino:4759201 sk:2009 cgroup:/system.slice/ssh.service v6only:1 <->
* for testing it is also worth looking at `ssh -vvv <ip.of.the.other.node>`
Tested from pmg1 --> pmg2 with a clean connect and from pmg2 --> pmg1 also with a clean connect. Both by IP and by FQDN
 
please post the output :)

where did you put the ssh client config (saying that port 2222 should be used between the PMG nodes)?
my tests were with:
Code:
Host 192.0.2.5*
  Port 2200
(192.0.2.5* matches the IPs of both nodes), entered on both

The file is not present on either system.
then the system was probably upgraded from 7.x, or ssh was otherwise changed to not run via systemd socket activation (which shouldn't be a problem here either)
SSH is on port 2222
so far so good :)
 
please post the output :)

where did you put the ssh client config (saying that port 2222 should be used between the PMG nodes)?
The config is in /root/.ssh/config

Code:
[07.02.24 09:50:39] root ➤ pmg2 in ~
$ > ssh -vvv 111.222.333.444
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 6: Applying options for 111.222.333.444
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 111.222.333.444 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 111.222.333.444 [111.222.333.444] port 2222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 111.222.333.444:2222 as 'root'
debug3: put_host_port: [111.222.333.444]:2222
debug3: record_hostkey: found key type ED25519 in file /root/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 1 keys from [111.222.333.444]:2222
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: put_host_port: [111.222.333.444]:2222
debug3: put_host_port: [111.222.333.444]:2222
debug3: record_hostkey: found key type ED25519 in file /root/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 1 keys from [111.222.333.444]:2222
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: Host '[111.222.333.444]:2222' is known and matches the ED25519 host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: Will attempt key: /root/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: sign_and_send_pubkey: using publickey-hostbound-v00@openssh.com with RSA SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to 111.222.333.444 ([111.222.333.444]:2222) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: client_repledge: enter
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: client_input_hostkeys: received ECDSA key SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: client_input_hostkeys: received ED25519 key SHA256:<1234567890abcdefghijklmnopqrzuvwxyz>
debug3: put_host_port: [111.222.333.444]:2222
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts for [111.222.333.444]:2222 / (none)
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key under different name/addr at /root/.ssh/known_hosts:1
debug3: hostkeys_find: found ssh-ed25519 key under different name/addr at /root/.ssh/known_hosts:2
debug3: hostkeys_find: found ssh-ed25519 key at /root/.ssh/known_hosts:3
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts2 for [111.222.333.444]:2222 / (none)
debug1: client_input_hostkeys: hostkeys file /root/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 3 server keys: 2 new, 18446744073709551615 retained, 2 incomplete match. 0 to remove
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug3: client_repledge: enter
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env USER
debug3: Ignored env LOGNAME
debug3: Ignored env HOME
debug3: Ignored env PATH
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env MOTD_SHOWN
debug1: channel 0: setting env LANG = "en_US.UTF-8"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env SSH_TTY
debug3: Ignored env SHLVL
debug3: Ignored env PWD
debug3: Ignored env OLDPWD
debug3: Ignored env ZSH
debug3: Ignored env PAGER
debug3: Ignored env LESS
debug3: Ignored env LSCOLORS
debug3: Ignored env LS_COLORS
debug3: Ignored env _
debug3: Ignored env MAIL
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug3: client_repledge: enter
debug1: pledge: fork
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
 
hm, that looks unproblematic in principle. I assume the shell then comes up as well?

pmgtunnel itself runs the following ssh command:
Code:
/usr/bin/ssh -N -o BatchMode=yes -o HostKeyAlias=<hostalias_from_cluster.conf> -L /run/pmgtunnel/.s.PGSQL.2:/var/run/postgresql/.s.PGSQL.5432 <ip_from_cluster.conf>

please run that with -vv and with the -L option (and its argument) removed; the data is probably best taken from the `ps auxwf` output :)
Code:
/usr/bin/ssh -N -o BatchMode=yes -o HostKeyAlias=<hostalias_from_cluster.conf>  <ip_from_cluster.conf> -vv

if no errors show up, run it again without -N, then a shell should come up as well.
 
hm, that looks unproblematic in principle. I assume the shell then comes up as well?
yes, it does
pmgtunnel itself runs the following ssh command:
Code:
/usr/bin/ssh -N -o BatchMode=yes -o HostKeyAlias=<hostalias_from_cluster.conf> -L /run/pmgtunnel/.s.PGSQL.2:/var/run/postgresql/.s.PGSQL.5432 <ip_from_cluster.conf>

please run that with -vv and with the -L option (and its argument) removed; the data is probably best taken from the `ps auxwf` output :)
Code:
/usr/bin/ssh -N -o BatchMode=yes -o HostKeyAlias=<hostalias_from_cluster.conf>  <ip_from_cluster.conf> -vv

if no errors show up, run it again without -N, then a shell should come up as well.
Here with the -N option
Code:
$ > /usr/bin/ssh -vv -N -o BatchMode=yes -o HostKeyAlias=pmg1 111.222.333.444
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 6: Applying options for 111.222.333.444
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 111.222.333.444 is address
debug1: Connecting to 111.222.333.444 [111.222.333.444] port 2222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 111.222.333.444:2222 as 'root'
debug1: using hostkeyalias: pmg1
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:1234567890abcdefghijklmnopqrstuvwxyz
debug1: using hostkeyalias: pmg1
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: Host 'pmg1' is known and matches the RSA host key.
debug1: Found key in /etc/ssh/ssh_known_hosts2:4
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:1234567890abcdefghijklmnopqrstuvwxyz
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: Will attempt key: /root/.ssh/id_dsa
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:1234567890abcdefghijklmnopqrstuvwxyz
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:1234567890abcdefghijklmnopqrstuvwxyz
Authenticated to 111.222.333.444 ([111.222.333.444]:2222) using "publickey".
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: pledge: fork
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /root/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /root/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding

Without it, the shell for user root comes up
 
And after the complete invocation on pmg2 of

Code:
/usr/bin/ssh -N -o BatchMode=yes -o HostKeyAlias=pmg1 -L /run/pmgtunnel/.s.PGSQL.2:/var/run/postgresql/.s.PGSQL.5432 111.222.333.444

the following error message appears on pmg1

Code:
Feb 09 10:18:53 pmg1 pmgmirror[1061]: starting cluster synchronization
Feb 09 10:18:53 pmg1 pmgmirror[1061]: database sync 'pmg2' failed - DBI connect('dbname=Proxmox_ruledb;host=/run/pmgtunnel;port=3;','root',...) failed: co>
                                              Is the server running locally and accepting connections on that socket? at /usr/share/perl5/PMG/DBTools.pm l>
Feb 09 10:18:53 pmg1 pmgmirror[1061]: cluster synchronization finished  (1 errors, 0.01 seconds (files 0.00, database 0.01, config 0.00))
 
Was anything else changed in the ssh config besides "Port 2222"?
e.g. sshd_config changes, ssh_config changes (client), authorized_keys changes (no-forward option on a key)

Because I cannot reproduce this here.
 
Good morning @Stoiko Ivanov

no, no further changes. By now I'm at the point of saying I'll reinstall :(
 
please share /etc/pmg/cluster.conf (host/root ssh keys and fingerprints can be masked...)
 
cluster.conf from pmg1
Code:
master: 1
    fingerprint <GEPRÜFT_STIMMT_IN_PMG2.CONF_ÜBEREIN>
    hostrsapubkey <GEPRÜFT_STIMMT_IN_PMG2.CONF_ÜBEREIN>
    ip XX.XX.XX.XX
    maxcid 3
    name pmg1
    rootrsapubkey <GEPRÜFT_STIMMT_IN_PMG2.CONF_ÜBEREIN>

node: 3
    fingerprint <GEPRÜFT_STIMMT_IN_PMG2.CONF_ÜBEREIN>
    hostrsapubkey <GEPRÜFT_STIMMT_IN_PMG2.CONF_ÜBEREIN>
    ip YY.YY.YY.YY
    name pmg2
    rootrsapubkey <GEPRÜFT_STIMMT_IN_PMG2.CONF_ÜBEREIN>

And from pmg2
Code:
master: 1
    fingerprint <PEPRÜFT_STIMMT_IN_PMG1.CONF_ÜBEREIN>
    hostrsapubkey <PEPRÜFT_STIMMT_IN_PMG1.CONF_ÜBEREIN>
    ip XX.XX.XX.XX
    maxcid 3
    name pmg1
    rootrsapubkey <PEPRÜFT_STIMMT_IN_PMG1.CONF_ÜBEREIN>

node: 3
    fingerprint <PEPRÜFT_STIMMT_IN_PMG1.CONF_ÜBEREIN>
    hostrsapubkey <PEPRÜFT_STIMMT_IN_PMG1.CONF_ÜBEREIN>
    ip YY.YY.YY.YY
    name pmg2
    rootrsapubkey <PEPRÜFT_STIMMT_IN_PMG1.CONF_ÜBEREIN>
 
The config is in /root/.ssh/config
maybe try /etc/ssh/ssh_config anyway (and, as I described, put the whole thing into a matching Host block)

(I removed the IPs from the cluster.conf, had forgotten to mention that...)
 
maybe try /etc/ssh/ssh_config anyway (and, as I described, put the whole thing into a matching Host block)
OK, I'll do that at noon today and report back.

(I removed the IPs from the cluster.conf, had forgotten to mention that...)
Thanks, I didn't think of that either ;)
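
Added example, not part of the thread and not Proxmox code: a Python check of which port the OpenSSH client would pick for each node IP in a cluster.conf, given the client configs in the order ssh reads them (user config, then system config; the first value found wins). Because pmgtunnel calls ssh with the IP from cluster.conf, only Host patterns that match that IP apply. The sample IPs, the host name `pmg2.example.test` and all function names are constructed for illustration; Match blocks and Include directives are not evaluated.

```python
import re

# Constructed sample in the layout of the cluster.conf excerpts in this thread
# (documentation IPs; key and fingerprint lines left out).
CLUSTER_CONF = """\
master: 1
    ip 192.0.2.51
    maxcid 3
    name pmg1

node: 3
    ip 192.0.2.52
    name pmg2
"""

# Constructed client configs: the first names the peer only by a hypothetical
# FQDN, the second uses the IP pattern quoted in the thread.
BY_NAME = """\
Host pmg2.example.test
  Port 2200
"""
BY_IP = """\
Host 192.0.2.5*
  Port 2200
"""


def parse_cluster_conf(text):
    """Return one dict per 'master:'/'node:' section with its indented keys."""
    nodes, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():              # section header, e.g. "node: 3"
            role, _, cid = raw.partition(":")
            current = {"role": role.strip(), "cid": cid.strip()}
            nodes.append(current)
        elif current is not None:             # indented "key value" line
            key, _, value = raw.strip().partition(" ")
            current[key] = value.strip()
    return nodes


def _glob(pattern):
    """ssh_config patterns know only '*' and '?' as wildcards."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern)
    return re.compile("".join(parts) + r"\Z")


def host_matches(patterns, target):
    """A Host line matches if any pattern matches and no '!' pattern does."""
    hit = False
    for pat in patterns:
        negated = pat.startswith("!")
        if _glob(pat[1:] if negated else pat).match(target):
            if negated:
                return False
            hit = True
    return hit


def effective_port(configs, target, default=22):
    """Port ssh would use for `target`; `configs` are texts in read order
    (user config first, then system config). The first value found wins."""
    for text in configs:
        active = True                         # options before any Host apply to all
        for raw in text.splitlines():
            fields = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
            if len(fields) < 2 or fields[0].startswith("#"):
                continue
            keyword, arg = fields[0].lower(), fields[1]
            if keyword == "host":
                active = host_matches(arg.split(), target)
            elif keyword == "match":
                active = False                # Match blocks are not evaluated here
            elif keyword == "port" and active:
                return int(arg)
    return default


def ports_for_cluster(cluster_text, configs):
    """Map node name -> port used when ssh is called with the node's IP."""
    return {n["name"]: effective_port(configs, n["ip"])
            for n in parse_cluster_conf(cluster_text)}


if __name__ == "__main__":
    print(ports_for_cluster(CLUSTER_CONF, [BY_NAME]))          # name-only block
    print(ports_for_cluster(CLUSTER_CONF, [BY_NAME, BY_IP]))   # plus IP pattern
```

On a real node the same question can be answered with `ssh -G <ip_from_cluster.conf>`, which prints the configuration the client resolves for that target, including the `port` line.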
 
