----- "Michael Stahnke" <[EMAIL PROTECTED]> wrote:
> Another option is to set up two different ssh daemons per server, and
> start one as a cluster service on the cluster-named IP.  Basically you
> have hostname ssh daemon and a second daemon, with configs in some
> non-standard place.  As part of a failover, you also start the other
> SSH daemon, listening only on the cluster service address, so yes the
> SSH key is still shared, but only as the cluster service address.
> That way you can log into the hostname ssh daemon and verify
> everything before attempting to use the cluster service address, if
> you wish.
> 
> It's more complicated, but works for the paranoid.

I actually like this idea a lot. sshd config offers the option to bind to
an address. I can create the common sshd config and let it sit on the DRBD
disk and start up sshd for the cluster IP as part of failover, with the
configs newly available to the machine.

That makes me very happy. Each machine on the primary address for them still
keeps the normal sshd config with just a minor fix to hold it on a known
address.



-- 
Steven Critchfield [EMAIL PROTECTED]
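
The two-daemon split discussed in this thread, as an added example that is not from either poster: it writes a per-node sshd config and a cluster sshd config, then checks that neither daemon falls back to the wildcard bind and that they do not claim the same address. The addresses, the DRBD mount point and the file names are constructed assumptions.

```shell
# Constructed values (assumptions, not taken from the thread).
HOST_IP=192.0.2.11        # this node's own address
CLUSTER_IP=192.0.2.100    # floating cluster service address
DRBD_MNT=/mnt/drbd        # mount point of the replicated disk

# Write both sshd configs into directory $1.
write_configs() {
    dir=$1
    # Per-node daemon: pinned to the node's address instead of the wildcard.
    cat > "$dir/sshd_config.host" <<EOF
ListenAddress $HOST_IP
HostKey /etc/ssh/ssh_host_rsa_key
PidFile /var/run/sshd.pid
EOF
    # Cluster daemon: config and shared host key live on the DRBD disk, so
    # only the node currently holding the disk can start it.
    cat > "$dir/sshd_config.cluster" <<EOF
ListenAddress $CLUSTER_IP
HostKey $DRBD_MNT/ssh/ssh_host_rsa_key
PidFile /var/run/sshd-cluster.pid
EOF
}

# Print the ListenAddress values of config $1, one per line.
listen_addrs() {
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1"
}

# Return 0 only if both configs bind explicit, non-overlapping addresses.
check_pair() {
    host_cfg=$1 cluster_cfg=$2
    for cfg in "$host_cfg" "$cluster_cfg"; do
        addrs=$(listen_addrs "$cfg")
        # No ListenAddress means sshd binds every address, cluster IP included.
        [ -n "$addrs" ] || { echo "$cfg: no ListenAddress (wildcard)"; return 1; }
        for a in $addrs; do
            case $a in 0.0.0.0|0.0.0.0:*|::|\[::\]|\[::\]:*) echo "$cfg: wildcard $a"; return 1 ;; esac
        done
    done
    # Textual comparison: write addresses the same way in both files.
    for a in $(listen_addrs "$host_cfg"); do
        for b in $(listen_addrs "$cluster_cfg"); do
            [ "$a" != "$b" ] || { echo "both daemons bind $a"; return 1; }
        done
    done
    return 0
}
```

The failover step would then start the second daemon with `sshd -f` pointing at the cluster config once the DRBD disk is mounted and the cluster address is up.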
