Gideon Romm and Cyberorg:
Thank you for the suggestions, I got Gideons email first and went ahead
and copied the keys over by hand using the ltsp-update-sshkeys --export
option. I still had the same issues. So I wanted to see if I could get
around this at the risk of lowering the security level, for testing!
I used chroot to edit the /etc/ssh/ssh_config file and added the line
StrictHostKeyChecking no
Then ltsp-update-sshkeys, and ltsp-update-image (did this on both
servers). After doing this I still have the same issues, ldm loads up
fine, I enter a password, screen blanks, ldm loads back up like nothing
ever happened and wants me to login again.
At this point I am worried if this is really an ssh key issue.
Grant
Gideon Romm wrote:
> Grant,
>
> I just read through the ltsp-update-sshkeys script, and (aside from it
> needing some love), it looks like in order for ltsp-update-sshkeys to
> include the extra keys for the other servers, you need to save those
> keys on the ltsp server in: /etc/ltsp/ssh_known_hosts.myname (where
> "myname" can be replaced with any name you find would help you remember
> what keys are in that file - and you can have multiple files of that
> type).
>
> Now, interestingly, ltsp-updates-sshkeys has a --export option to export
> the keys of the ltsp server to a file, presumably for this purpose. But,
> this puzzles me, because you don't want the LTSP server's keys, you want
> the application servers' keys. Which, I suppose means you could copy
> ltsp-update-sshkeys to your app servers to export things, but this is
> clumsy.
>
> We *should* make it so that I can pass ltsp-update-sshkeys --export
> <filename> [IP-of-app-server] and have the script use ssh to request
> the public key of the app server and store that in the file. I will add
> it to a TODO for now.
>
> But, in answer to your keys question, I would go ahead and put the keys
> on the ltsp server in /etc/ltsp/ssh_known_hosts.myname, rerun
> ltsp-update-sshkeys and ltsp-update-image. Then, you can test it by
> dropping to a shell on the thin client and attempt an ssh to the app
> server. If all goes well, you should NOT be asked to accept the
> authenticity of the host.
>
> HTH,
>
> -Gadi
>
> On Tue, 2010-02-02 at 14:42 -0600, grant wrote:
>
>> Hi all,
>>
>> I have been trying to set up LDM load balancing between two servers
>> running ubuntu 9.04 for a couple of days and have failed. I was
>> following the instructions in the ltsp Manual, #ltsp and information I
>> found around but did not get there really.
>>
>> I found out that the get_hosts script needs to be located at
>> /opt/ltsp/i386/usr/lib/share/get_hosts so fixed that, The following is
>> my lts.conf and my get_hosts script. For my testing purposes I have
>> been loading the results so that the 10.0.0.46 server is returned by the
>> script. The test client I am booting is only listed in the 10.0.0.32
>> servers dhcp. So I basically want to be able to send a client to the
>> least conjested server and only have that information in one servers
>> dhcpd.conf file.
>>
>> /var/lib/tftpboot/ltsp/i386/lts.conf
>>
>> [Default]
>> LDM_DIRECTX=True
>> LDM_SESSION=/usr/bin/startkde
>> SOUND = Y
>> NBD_SWAP=True
>> DNS_SERVER="10.0.0.38 10.0.0.39"
>> SEARCH_DOMAIN="ajrs.com"
>> MY_SERVER_LIST="10.0.0.32 10.0.0.46
>>
>> /opt/ltsp/i386/usr/lib/ltsp/get_hosts
>>
>> #!/bin/bash
>> # Takes a list of servers from the /var/lib/tftpboot/ltsp/i386/lts.conf
>> and sorts that
>> # list based on the output of the nc rating of that server.
>> TMP_LIST=""
>>
>> for i in $MY_SERVER_LIST; do
>> let "rank = `nc $i 9571 | grep rating | cut -d: -f2`"
>> TMP_LIST="$TMP_LIST\n${rank}_$i"
>> done
>> echo -e $TMP_LIST | sort -r | cut -d_ -f2
>>
>> After making these changes I made sure the script was executable(set
>> 755) and called a ltsp-update-image -a i386 on my servers, of course
>> after making edits in chroot.
>>
>> This left me at the point where I think the script is running and
>> returning the proper information. I am able to get to an ldm and enter
>> a username and password. The screen goes blank immediatly and then goes
>> back to the ldm. I got this far by doing some ssh-key work on Gadi from
>> #ltsp's advice.
>>
>> I did a sudo chroot /opt/ltsp/i386
>>
>> then I would ssh to the host I wanted to be able to connect to accept
>> the keys and then logout chroot and sudo ltsp-update-sshkeys and
>> ltsp-update-image -a i386
>>
>> When I am doing this I watch the syslog on the server I want to connect
>> to 10.0.0.46 and can see two connection attempts from the client and
>> that is all.
>>
>> Feb 2 14:41:28 ltsp2 ldminfod[16901]: connect from 10.0.2.4 (10.0.2.4)
>> Feb 2 14:41:28 ltsp2 ldminfod[16904]: connect from 10.0.2.4 (10.0.2.4)
>>
>>
>> Does anyone have any idea what I am doing wrong here. I personally am
>> not sure if I did the ssh keys properly but I know no other way.
>>
>> Thank you.
>>
>> Grant
>>
>>
>> ------------------------------------------------------------------------------
>> The Planet: dedicated and managed hosting, cloud storage, colocation
>> Stay online with enterprise data centers and the best network in the business
>> Choose flexible plans and management services without long-term contracts
>> Personal 24x7 support from experience hosting pros just a phone call away.
>> http://p.sf.net/sfu/theplanet-com
>> _____________________________________________________________________
>> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
>> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>> For additional LTSP help, try #ltsp channel on irc.freenode.net
>>
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
