On Thu, 2008-04-24 at 14:10 -0500, Bennie Thomas wrote:
> I have a 3-node Cluster set up as 2-nodes active and one passive. I have
> assigned 2 IP Aliases
> to fail over. The problem I am having is; When I ssh to the IP aliases
> the first time it works fine,
> I then failover the IP alias service to the backup node, then try
> ssh'ing to the alias, it fails with man in the middle attack
>
> I know I can go modify .ssh/known_hosts and remove the host key and it
> will work, but if the alias fails back to the
> original node the problem starts all over.
>
> How can I set up ssh to allow this connection. ?

What I usually do is:

- make a copy of the sshd init script and place it somewhere besides
  /etc/init.d (/cluster/scripts?)
- change the global sshd config file to bind to a *specific* VIP on the host.
- create a separate config file for the cluster VIP using different host
  keys for the cluster IP address
- copy service-specific sshd script / config / host keys to other cluster
  node(s)
- add the copied script as part of the cluster service with the VIP you want

You'll end up with 2 sshd instances running on the host when the service
is enabled - one for the host's IP with specific keys/etc. for that IP,
and one running for the cluster IP address with its own set of keys.

Because the host keys are distributed between the cluster nodes for this
address, no matter where the cluster IP is, it should work - IP matches
and the keys match :)

-- Lon
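The setup described in the reply above, sketched as an added example that is not part of the original message: it checks that the host's own sshd binds to explicit addresses, writes a config for the VIP instance, creates the VIP host key once for copying to the other nodes, and prints the known_hosts entry clients need. The function names, the `.vip` file names, the ed25519 key type and the 192.0.2.x addresses are assumptions.

```shell
#!/bin/sh
# Added example; file names, key type and addresses are assumptions.

# Succeeds only if the host's own sshd config binds to explicit addresses.
# Without a ListenAddress (or with a wildcard) the host sshd listens on every
# address, so the VIP instance cannot bind when the alias arrives.
global_binds_specific() {
    awk 'tolower($1) == "listenaddress" {
             n++
             if ($2 == "0.0.0.0" || $2 == "::" ||
                 index($2, "0.0.0.0:") == 1 || index($2, "[::]") == 1) wild = 1
         }
         END { exit !(n > 0 && !wild) }' "$1"
}

# Write the config for the second sshd, which the cluster service starts
# with "sshd -f DIR/sshd_config.vip" on whichever node holds the VIP.
write_vip_config() {
    dir=$1; vip=$2
    mkdir -p "$dir" || return 1
    cat > "$dir/sshd_config.vip" <<EOF
ListenAddress $vip
HostKey $dir/ssh_host_ed25519_key.vip
PidFile $dir/sshd.vip.pid
EOF
}

# Generate the VIP host key once. Every other node gets a copy of this file,
# never a fresh key, so the fingerprint follows the address across failover.
gen_vip_hostkey() {
    key=$1/ssh_host_ed25519_key.vip
    [ -f "$key" ] || ssh-keygen -q -t ed25519 -N '' -C cluster-vip -f "$key"
}

# The single known_hosts entry clients need for the alias.
vip_known_hosts_line() {
    printf '%s %s\n' "$2" "$(cut -d' ' -f1,2 "$1/ssh_host_ed25519_key.vip.pub")"
}

# Usage: sh <this script> DIR VIP   (e.g. /cluster/scripts 192.0.2.50)
if [ $# -eq 2 ]; then
    write_vip_config "$1" "$2" && gen_vip_hostkey "$1" &&
        vip_known_hosts_line "$1" "$2"
fi
```

Run `sshd -t -f DIR/sshd_config.vip` on each node after copying the files to confirm the config and key load before adding the script to the cluster service.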