We have Sophos UTM in an Active/Passive configuration. When i SSH to the master i should be able to connect to the slave with the command: ha_utils ssh.
When i do this on the master (with root) it says the following:
Connecting to slave 198.19.250.2Permission denied (publickey).
I have 2 clusters, and both are giving this issue. I recon it is some configuration setting which i need to change, can anyone help me with this?
Thanks in advance.
Hi I thought i posted the solution but apparently not.
I have connected a console cable to the slave and when i entered it, one of my disks were full. After removing a few old update files i could enter…
Hoi Bastiaan and welcome to the UTM Community!
Please paste here what you see at the command line beginning with "NOTE: If not explicitly..."
Cheers - Bob
NOTE: If not explicitly approved by Sophos support, any modifications done by root will void your support.
<M> fwname:/root #
OK, so my request was only clear to me - hah!
I wanted to see what result you got from ha_utils ssh and trying to login to the slave.
You can't get to the Slave with a public key. You have to login there with the loginuser password. I've never seen this response, so I don't know what you did to get it - was that right after doing ha_utils ssh as root on the Master?
It has the same error when logging in with loginuser and the su
Bad luck, Bastiaan! You will definitely want to get a ticket open with Sophos Support. Please let us know what they did to avoid you having to re-image and restore a backup.
Same problem here, need it to stop Updates.
Would be happy if you could share a solution.
I have connected a console cable to the slave and when i entered it, one of my disks were full. After removing a few old update files i could enter the slave with ha_utils ssh.
I have contacted Sophos support and they said we need to break HA, reimage and directly move to the latest version, then add it back to HA. Then reimage the other device and do the same.
Bastiaan, note that a Master cannot sync to a Slave on a higher version. I would prefer to set the Firmware Download Interval to "Manual" and apply Up2Dates in small groups on the Master so you can retain logs and Reporting. When you're done with the following, you can re-connect the re-imaged Slave and enable HA. For instance, if you're on 9.413:
cd /var/up2date/sysrm the 9.509 Up2Dates and newer/sbin/auisys.plx --showdesc
Wait 10 minutes after the auisys command starts and then install in WebAdmin. When that's done, do the following at the command line:
cd /var/up2date/syswget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.508010-509003.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.509003-510005.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.510005-605001.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.605001-606001.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.606001-702001.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.702001-703003.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.703003-704002.tgz.gpgwget --no-check-certificate ftp.astaro.com/.../u2d-sys-9.704002-705003.tgz.gpg/sbin/auisys.plx --showdesc
Wait 10 minutes after the auisys command starts and then install in WebAdmin. You are now at 9.705.
Any luck with that?