05-22-2012 08:48 AM
Hi All,
We are experiencing an access issue with one of our ACE LB contexts: It cannot be reached via ssh.
We can ssh to the Admin context and from there change to the specific LB context. Attempts to ssh directly to the context time out.
The context is a secondary / fail-over context on a pair of ACE blades running A2(3.4)
It's not a firewall or connectivity issue, since we have no problem with the Admin context and they are all on the same vlan.
What I'd like to know is whether there's a way to reload the sshd daemon on the ACE LB context.
Thanks,
Jose Ribeiro
05-22-2012 08:52 AM
Jose,
Is this a new implementation, the contexts that is? Have you ever been able to ssh to the context? If this a new implementation, did you add the management policy for the context?
you can see the open ssh sessions with the following command
sh ssh session-info
then you can use
switch/Admin# clear ssh ?
<0-2147483647> Use clear ssh ssh_id to kill an ssh session
hosts Clear the list of trusted ssh hosts
to kill any hung sessions.
05-22-2012 09:10 AM
Hi Chris,
Thanks for your reply.
This is not a new implementation and the context was previosly available to ssh. The management policy is configured and we have no problem accessing the active context of the fault-tolerant pair.
When I try to ssh from our management server the ACE shows the ssh session but I never get a prompt:
From the LB:
ctspogdcnwace02/ctsbogdcnwbal01# sh ssh session-info
Session ID Remote Host Active Time
7849 10.xxx.xxx.37:37890 0: 4:51
ctspogdcnwace02/ctsbogdcnwbal01#
From the source:
[ribeirj@ctsbigdcemath02:~] $ ssh -l ribeirj 10.xxx.xxx.21
The authenticity of host '10.xxx.xxx.21 (10.xxx.xxx.21)' can't be established.
RSA key fingerprint is 13:c9:64:0f:8e:dd:07:3a:d1:33:80:09:7e:db:39:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.xxx.xxx.21' (RSA) to the list of known hosts.
And then it times out. The session is never opened on the client side and I don't get a prompt.
Thanks,
Jose
05-22-2012 09:26 AM
Can you try show ssh session-info from all the other contexts? Do you see any hung sessions?
05-22-2012 11:03 AM
I've checked all other contexts and there are no hung ssh sessions.
Is there a way to reload the ssh daemon for a specific context?
05-22-2012 12:08 PM
Jose,
There is no way to reload just the ssh daemon for a context. Only option is a reload.
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide