Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 4 subscribers
  • Views 4721 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to ssh to slave node

JonEtkins

I have two UTM VMs running as a high-availability pair.  I need to check something on the slave/standby node, so I'm attempting to SSH to it by means of the ha_utils ssh command from the master/active node.  I'm SSH'd in to the master as root using an ssh key, but when I try to connect to the slave I get Permission Denied.

<M> astaro:/root # ha_daemon -c status
Current mode: HA MASTER with id 1 in state ACTIVE
-- Nodes -----------------------------------------------------------------------
MASTER: 1 esxi3 198.19.250.1 9.705003 ACTIVE since Mon May 10 10:26:56 2021
SLAVE: 2 esxi55 198.19.250.2 9.705003 ACTIVE since Mon May 10 10:31:57 2021
-- Load ------------------------------------------------------------------------
Node  1: [1m] 0.00  [5m] 0.01  [15m] 0.05
Node  2: [1m] 0.01  [5m] 0.02  [15m] 0.05
<M> astaro:/root # ha_utils ssh

Connecting to slave 198.19.250.2
loginuser@198.19.250.2's password:
Permission denied, please try again.
loginuser@198.19.250.2's password:

<M> astaro:/root #

I know I'm using the correct password for loginuser - I've even changed it via the web UI to be sure I wasn't misremembering, but to no avail.

Any thoughts or suggestions welcomed.  Thanks!



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    If 'Block Password Guessing' is enabled under Definitions & Users > Authentication Services > Advanced, then the slave node might have temporarily blocked access from the master node's IP address due to failed login attempts.

    Could you please try again and share your observation?

  • 0 in reply to FormerMember

    Hi Yash, and thanks for responding.  Yes, I have blocking enabled, but I also have my workstation added to the "Never block networks:, so I doubt that is the problem.  I get the same result regardless of which node is currently active, by the way:

    <M> astaro:/root # ha_utils status
- Status -----------------------------------------------------------------------
Current mode: HA MASTER with id 2 in state ACTIVE
-- Nodes -----------------------------------------------------------------------
MASTER: 2 esxi55 198.19.250.2 9.705003 ACTIVE since Tue May 11 00:51:50 2021
SLAVE: 1 esxi3 198.19.250.1 9.705003 ACTIVE since Tue May 11 00:56:50 2021
-- Load ------------------------------------------------------------------------
Node  2: [1m] 0.15  [5m] 0.07  [15m] 0.06
Node  1: [1m] 0.00  [5m] 0.02  [15m] 0.05

- Kernel -----------------------------------------------------------------------
Current mode: enabled master
interface: eth3
Local ID: 198.19.250.2
debug: off
verbose: off
ppp sync: off
port smtp: 25
port pop3: 8110
port ftp: 2121

- IPSec ------------------------------------------------------------------------
000 HA System active on eth3/224.0.0.82. Current mode is Master. Seqdiff in: 256 Seqdiff out: 4096

- PostgreSQL ------------------------------------------------------------------------
 primary | standby |     lag      |  bytelag
---------+---------+--------------+----------
       2 |       1 | 00:00:00.993 |        0
<M> astaro:/root # ha_utils ssh

Connecting to slave 198.19.250.1
loginuser@198.19.250.1's password:
Permission denied, please try again.
loginuser@198.19.250.1's password:

  • 0 in reply to JonEtkins

    Hi  .

    One thing. I doubt that putting your workstation to the "Never block networks" list would help. You could put in the network of the HA connection, because with ha_utils your connection should normally occur using the HA port, as far as I know.

    You could give this a try.

    But be careful as the HA IP is a public IP you should not use this generally.

    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
Reply
  • 0 in reply to JonEtkins

    Hi  .

    One thing. I doubt that putting your workstation to the "Never block networks" list would help. You could put in the network of the HA connection, because with ha_utils your connection should normally occur using the HA port, as far as I know.

    You could give this a try.

    But be careful as the HA IP is a public IP you should not use this generally.

    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
Children
No Data
Unfiltered HTML