Cluster: Another ssh port, firewall enabled

chencho

Nov 25, 2010
Hi all.

I'm interested in creating a node for my servers.

I have root login disabled and the ssh port changed to another one (not 22).

Then, on the principal node, I run pveca -c and it works.

Go to server2 and run "pveca -a -h IP1", and it fails.

No matter, I change to

ssh -pNewPort IP1 /usr/bin/pveca -a 'IP2' ... and permit root login once, and on server1 I see:

pveca -l
1 : IP1 M S 77 days 21:01 0.02 26% 14%
2 : IP2 N ERROR: 500 Can't connect to 127.0.0.1:50000

Is there any way to enable a different ssh port and a non-root user?
 
I have changed the ssh port and web ports on my systems.
To do this and keep the cluster working I adapted the following.

For the web:
In /etc/apache2/ports.conf I deleted the 2 ports and added a Listen line for the port I chose, e.g. Listen 9999
In /etc/apache2/sites-available/pve.conf I changed the <VirtualHost *:443> to <VirtualHost *:9999>
restarted apache
and connect on https://your.server.com:9999

For the ssh:
I changed the ssh port in /etc/ssh/sshd_config, e.g. Port 22 to Port 9998
restarted sshd
And then in /etc/ssh/ssh_config I changed the commented line #Port 22 to Port 9998, i.e. uncommented it and changed the default port.

You will have to connect with ssh -p 9998 your.server.com. If you want to connect to other machines from your server you will have to use ssh -p 22 regular.server.com, since it will always default to 9998 after this change, but between your cluster servers everything works.

I haven't yet been able to change to a non-root login, so I still use ssh root logins.

Hope this helps (although this is a late reply, sorry, I just joined).
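An alternative to the global Port change described in the post above, added here as an example and not part of the reply: scoping the non-default port to the cluster nodes with a Host block in /etc/ssh/ssh_config, so outgoing connections to every other machine keep the default port 22 and no -p 22 is needed. The addresses are the thread's placeholder 123.123.123.x values.

```text
# /etc/ssh/ssh_config on each cluster node (added example, not the poster's file)
# Only the cluster peers use the moved port; all other hosts keep port 22.
Host 123.123.123.1 123.123.123.2 123.123.123.3
    Port 9998

# No global "Port 9998" line, so "ssh regular.server.com" still defaults to 22.
```

Because ssh_config applies the first matching value for each option, the Host block must come before any global Port setting if one is kept; the cluster tooling running as root on the node picks this file up like any other ssh client.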
 
OK, I was thinking a bit and the solution is kinda simple. I now have no remote root login allowed, but I didn't set PermitRootLogin to no; I left it on yes and limited root access to the local cluster IPs by adding a line in sshd_config:

on server 1

AllowUsers root@123.123.123.2 root@123.123.123.3 me

on server 2

AllowUsers root@123.123.123.1 root@123.123.123.3 me

on server 3

AllowUsers root@123.123.123.1 root@123.123.123.2 me

and restarted sshd

This way I can connect from anywhere as me (ssh -l me 123.123.123.1, 2 or 3), but only as me, so not as root.
And the machines can connect to each other as root.
From the machines I can, as root, ssh from one to another without problems.

Hope this solves your problem.
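The AllowUsers scheme in the reply above, generalised to any number of nodes and paired with a check, as an added example that is not part of the thread: it generates each node's AllowUsers line (root only from the other cluster nodes, the admin user from anywhere) and emulates sshd's user@host matching to confirm that root is not reachable from an address outside the cluster. The node addresses, the admin user name "me" and the probe address are constructed placeholders; the matching only considers the source IP (sshd also matches the resolved hostname) and does not model the CIDR form newer sshd versions accept.

```python
"""Generate and audit per-node sshd AllowUsers lines for a cluster (added example)."""
from fnmatch import fnmatchcase

# Constructed placeholder values, mirroring the thread's 123.123.123.x nodes.
CLUSTER_NODES = ["123.123.123.1", "123.123.123.2", "123.123.123.3"]
ADMIN_USER = "me"
OUTSIDE_IP = "198.51.100.7"  # constructed non-cluster address used for the audit


def allow_users_line(node_ip, nodes=CLUSTER_NODES, admin=ADMIN_USER):
    """AllowUsers line for one node: root only from the *other* nodes, plus the admin from anywhere."""
    peers = [ip for ip in nodes if ip != node_ip]
    entries = [f"root@{ip}" for ip in peers] + [admin]
    return "AllowUsers " + " ".join(entries)


def parse_allow_users(sshd_config_text):
    """Collect every AllowUsers pattern in an sshd_config body.

    The keyword is case-insensitive and '#' starts a comment; several AllowUsers lines accumulate.
    """
    patterns = []
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0].lower() == "allowusers":
            patterns.extend(parts[1:])
    return patterns


def login_allowed(patterns, user, src_ip):
    """Emulate AllowUsers: an entry is 'user' or 'user@host', each side a shell-style glob.

    With no AllowUsers directive at all sshd does not restrict by user, so everyone passes
    this gate (PermitRootLogin and other settings still apply separately).
    """
    if not patterns:
        return True
    for pat in patterns:
        if "@" in pat:
            upat, hpat = pat.split("@", 1)
            if fnmatchcase(user, upat) and fnmatchcase(src_ip, hpat):
                return True
        elif fnmatchcase(user, pat):
            return True
    return False


def audit(sshd_config_text, node_ip, nodes=CLUSTER_NODES, probe_ip=OUTSIDE_IP):
    """Check one node's sshd_config: root from every peer, root blocked from outside, admin allowed."""
    pats = parse_allow_users(sshd_config_text)
    peers = [ip for ip in nodes if ip != node_ip]
    return {
        "root_from_peers": all(login_allowed(pats, "root", ip) for ip in peers),
        "root_from_outside": login_allowed(pats, "root", probe_ip),
        "admin_from_outside": login_allowed(pats, ADMIN_USER, probe_ip),
    }


if __name__ == "__main__":
    for ip in CLUSTER_NODES:
        line = allow_users_line(ip)
        # A minimal constructed sshd_config body for the node: moved port plus the generated line.
        cfg = "Port 9998\nPermitRootLogin yes\n" + line + "\n"
        print(ip, "->", line)
        print("   ", audit(cfg, ip))
```

Run it on a node's real /etc/ssh/sshd_config text to confirm the directive does what the post describes before restarting sshd; a config that leaves "root_from_outside" True still exposes root to password or key guessing from the internet regardless of the moved port.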