> On 16 Jan 2016, at 02:21, Jeff Hallyburton <[email protected]> > wrote: > > Having finished setting up an ipa server and replica, we're trying to test > failover to ensure that HA works as expected. We've been able to verify the > replication agreements and auto-discovery are working, and both servers are > picked up as expected at install time. > > That said, we're seeing some oddities with failover. Once I shut down the > ipa service on the main ipa server, I get most requests completing after > about a 2 min window. I am able to: > > 1. Authenticate to our jump server and get a kerberos ticket > 2. kinit successfully as other users > > However, whenever I try to ssh to another system within our domain, ssh > breaks with the following error: > > $ ssh -vvv automation01 > OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 5: Applying options for * > debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 > automation01 > debug1: permanently_drop_suid: 1587000001 > debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_rsa-cert type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_dsa-cert type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ecdsa-cert type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519 type -1 > debug1: identity file /home/jeff.hallyburton/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.6.1 > ssh_exchange_identification: Connection closed by remote host >
Did you crank up debug level on the machine where sshd is running and see if anything is logged then? > > Nothing is logged in either /var/log/messages or /var/log/secure when this > happens, so I'm unsure where to begin debugging. Can you offer any insight? > > Thanks, > > Jeff > > Jeff Hallyburton > Strategic Systems Engineer > Bloomip Inc. > Web: http://www.bloomip.com > > Engineering Support: [email protected] > Billing Support: [email protected] > Customer Support Portal: https://my.bloomip.com > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
