
Monday, November 9, 2009

2009.11.9 SOL3759: Synchronizing SSH keys between the BIG-IP host system and the SCCP

SOL3759: Synchronizing SSH keys between the BIG-IP host system and the SCCP
What to do to resynchronize the keys when the host and SCCP keys are out of sync.

Note: This Solution only applies to BIG-IP platforms that contain an SCCP (1500, 3400, 4100, 6400, 6800, 8400, and 8800).

Synchronizing SSH keys

The SCCP and BIG-IP host system SSH keys can become unsynchronized if you modify the keys or restore the keys from a backup. To synchronize the SSH keys, perform the following procedure:

1. Log in to the command line using the root account.
2. Synchronize the keys by typing the following command:

keyswap.sh sccp
3. When the keys are synchronized, connect to the SCCP by typing the following command:

ssh sccp

If properly synchronized, the SCCP should not prompt you for a password. If you are prompted for a password, refer to the Troubleshooting section below.
4. Synchronize the keys between the SCCP and the host by typing the following command:

keyswap.sh host
5. Connect to the host by typing the following command:

ssh host

If properly synchronized, the system should not prompt you for a password. If you are prompted for a password, refer to the Troubleshooting section.

Troubleshooting

If the keyswap.sh command fails because the host keys have changed, you can correct the issue by performing the following procedure:

1. Log in to the BIG-IP command line.
2. Using a text editor, edit the /root/.ssh/known_hosts file.
3. Delete all lines that begin with 127.2.0.1 or sccp.
4. Save the file and exit the editor.
5. Rerun the keyswap.sh command.

Note: When running the keyswap.sh command, you may be prompted to enter the root password several times. Re-type the root password each time you are prompted.
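
Steps 2 through 4 of the procedure above can also be scripted. The following is an added example, not part of the original F5 solution; the function name, the .bak backup file, and the whole-token match on the host name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not F5 code: scripted form of Troubleshooting steps 2-4.

# prune_sccp_known_hosts FILE
# Removes every line whose first host name is 127.2.0.1 or sccp, keeps the
# original as FILE.bak, and prints the number of lines removed.
# Assumption: the name is matched as a whole token, so unrelated entries
# such as 127.2.0.10 are left in place.
prune_sccp_known_hosts() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    : > "$file.new" || return 1
    # The host field is the first whitespace-delimited field and may be a
    # comma-separated list, for example "sccp,127.2.0.1 ssh-rsa AAAA...".
    removed=$(awk -v out="$file.new" '
        {
            split($1, hosts, ",")
            if (hosts[1] == "127.2.0.1" || hosts[1] == "sccp") { n++; next }
            print > out
        }
        END { print n + 0 }' "$file.bak") || return 1
    # Write through the existing file so its owner and mode are unchanged.
    cat "$file.new" > "$file" || return 1
    rm -f "$file.new"
    echo "$removed"
}

# Demonstration on constructed data (placeholder key material, not real keys).
demo_prune() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/known_hosts" <<'EOF'
sccp,127.2.0.1 ssh-rsa AAAAB3placeholder1
127.2.0.1 ssh-rsa AAAAB3placeholder2
127.2.0.10 ssh-rsa AAAAB3placeholder3
10.10.22.122 ssh-rsa AAAAB3placeholder4
EOF
    echo "removed: $(prune_sccp_known_hosts "$dir/known_hosts")"
    cat "$dir/known_hosts"
    rm -rf "$dir"
}
demo_prune
```

On the BIG-IP host, the file to pass is /root/.ssh/known_hosts; rerun the keyswap.sh command afterwards as in step 5.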

If the keys are properly synchronized from the BIG-IP system to the SCCP, but not from the SCCP to the BIG-IP system, the issue is most likely a result of an incorrect entry in the /etc/hosts.allow or /etc/hosts.deny files. An incorrect entry in either of these files could prevent SSH communication.

To correct this issue, perform the following procedure:

1. Boot the BIG-IP system into single user mode.

Note: For instructions about how to boot the BIG-IP system into single user mode, refer to SOL4178: Booting BIG-IP in single user mode.
2. Log in as root.
3. Mount the filesystems by typing the following command:

mount -a
4. Using a text editor, edit the /etc/hosts.allow file.
5. Add the following entry to the sshd line:

127.

For example:

# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd : 10.10.22.122 10.10.22.123 127.
snmpd : 127. 192.168.0.0/255.255.0.0 10.10.22.122 10.10.22.123

6. Save the file and exit the editor.
7. Reboot the BIG-IP system.

The access problem should be resolved. You may still need to synchronize the SSH keys.
