pmgtunnel cannot use -L

William Edwards · Nov 2, 2020

I'm seeing this on my cluster nodes:

Code:

Nov  2 17:35:14 mgw0-1 sshd[14200]: Received request to connect to path /var/run/postgresql/.s.PGSQL.5432, but the request was denied.

I copied the default `/etc/ssh/sshd_config` from a default Proxmox Mail Gateway ISO install, but I'm still seeing this error. Is there anything I should do other than using default SSH settings to get pmgtunnel's socket map to work?

Stoiko Ivanov · Nov 2, 2020

please post your:
/etc/ssh/sshd_config
/etc/ssh/ssh_config (systemwide client settings)
/root/.ssh/config (client settings for root)
and the beginning of all keys in /root/.ssh/authorized_keys (in case you've set options on the ssh_key)

William Edwards · Nov 2, 2020

Stoiko Ivanov said:
please post your:
/etc/ssh/sshd_config
/etc/ssh/ssh_config (systemwide client settings)
/root/.ssh/config (client settings for root)
and the beginning of all keys in /root/.ssh/authorized_keys (in case you've set options on the ssh_key)

sshd_config: https://pastebin.com/raw/vRZiBDG4

ssh_config: https://pastebin.com/raw/jg6gyMRY

Nothing has been changed to them after doing a fresh PMG install from the PMG ISO.

authorized_keys contains two keys added by Ansible, and the keys for the cluster nodes (added automatically). None of these keys have options.

Thanks!

Stoiko Ivanov · Nov 3, 2020

the ssh-configs look ok

William Edwards said:
authorized_keys contains two keys added by Ansible, and the keys for the cluster nodes (added automatically). None of these keys have options.

hmm - can you ssh between the cluster-nodes? (without entering a password)?
can you forwards TCP connections (-L) with such a ssh session?

William Edwards · Nov 3, 2020

Stoiko Ivanov said:
the ssh-configs look ok

hmm - can you ssh between the cluster-nodes? (without entering a password)?
can you forwards TCP connections (-L) with such a ssh session?

Yep!

Stoiko Ivanov · Nov 3, 2020

is postgres running? (does the socket '/var/run/postgresql/.s.PGSQL.5432' exist and accept connections)?

does the issue persist after restarting postgresql, pmgtunnel, pmgmirror?

William Edwards · Nov 3, 2020

Stoiko Ivanov said:
is postgres running? (does the socket '/var/run/postgresql/.s.PGSQL.5432' exist and accept connections)?

does the issue persist after restarting postgresql, pmgtunnel, pmgmirror?

The socket exists, and the issue persists after rebooting entirely..

Stoiko Ivanov · Nov 3, 2020

hmm - sounds odd - try enabling verbose logging in sshd - maybe this will point to the culprit
(LogLevel DEBUG2 - but check the manpage and keep in mind, that this will log potentially sensitive information - when posting)

William Edwards · Nov 3, 2020

Really not sure why it helped, but not seeing 'Received request to connect to path' anymore after rebooting master... Nodes are still stuck in syncing state though, debugging further...

William Edwards · Nov 3, 2020

I rebooted all nodes in the cluster, promoted a slave to master, deleted the other slaves from the cluster, and re-added them. All nodes are in A again. Strange!

Search

Search

pmgtunnel cannot use -L

William Edwards

Renowned Member

Stoiko Ivanov

Proxmox Staff Member

William Edwards

Renowned Member

Stoiko Ivanov

Proxmox Staff Member

William Edwards

Renowned Member

Stoiko Ivanov

Proxmox Staff Member

William Edwards

Renowned Member

Stoiko Ivanov

Proxmox Staff Member

William Edwards

Renowned Member

William Edwards

Renowned Member

We value your privacy