SOL3759: Synchronizing SSH keys between the BIG-IP host system and the SCCP
重新同步host與sccp的key不同步時要做的
Note: This Solution only applies to BIG-IP platforms that contain an SCCP (1500, 3400, 4100, 6400, 6800, 8400, and 8800).
Synchronizing SSH keys
The SCCP and BIG-IP host system SSH keys can become unsynchronized if you modify the keys or restore the keys from a backup. To synchronize the SSH keys, perform the following procedure:
1.
Log in to the command line using the root account.
2. Synchronize the keys by typing the following command:
keyswap.sh sccp
3. When the keys are synchronized, connect to the SCCP by typing the following command:
ssh sccp
If properly synchronized, the SCCP should not prompt you for a password. If you are prompted for a password, refer to the Troubleshooting section below.
4. Synchronize the keys between the SCCP and the host by typing the following command:
keyswap.sh host
5. Connect to the host by typing the following command:
ssh host
If properly synchronized, the system should not prompt you for a password. If you are prompted for a password, refer to the Troubleshooting section.
Troubleshooting
If the keyswap.sh command fails because the host keys have changed, you can correct the issue by performing the following procedure:
1.
Log in to the BIG-IP command line.
2.
Using a text editor, edit the /root/.ssh/known_hosts file.
3.
Delete all lines that begin with 127.2.0.1 or sccp.
4.
Save the file and exit the editor.
5. Rerun the keyswap.sh command.
Note: When running the keyswap.sh command, you may be prompted to enter the root password several times. Re-type the root password each time you are prompted.
If the keys are properly synchronized from the BIG-IP system to the SCCP, but not from the SCCP to the BIG-IP system, the issue is most likely a result of an incorrect entry in the /etc/hosts.allow or /etc/hosts.deny files. An incorrect entry in either of these files could prevent SSH communication.
To correct this issue, perform the following procedure:
1. Boot the BIG-IP system into single user mode.
Note: For instructions about how to boot the BIG-IP system into single user mode, refer to SOL4178: Booting BIG-IP in single user mode.
2.
Log in as root.
3. Mount the filesystems by typing the following command:
mount -a
4.
Using a text editor, edit the /etc/hosts.allow file.
5. Add the following entry to the sshd line:
127.
For example:
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd : 10.10.22.122 10.10.22.123 127.
snmpd : 127. 192.168.0.0/255.255.0.0 10.10.22.122 10.10.22.123
6.
Save the file and exit the editor.
7. Reboot the BIG-IP system.
The access problem should be resolved. You may still need to synchronize the SSH keys.
沒有留言:
張貼留言