Open Directory Master/Replica SSH gotcha!

  • #365735
    woodgie
    Participant

    Right, so thankfully my brain was in gear and I think I worked out this one before I spent too long on rebuilding servers and suchlike.

    When you have a Master/Replica situation going on, the Replica connects to the Master using an SSH root logon by supplying the Master’s root password. So far, so good.

    Not if you’ve rolled your own OpenSSH (or, like me, got Fink to do it for you) and locked the access down to public key pairs by using “PasswordAuthentication no” and specifically denied root access with “PermitRootLogin no”.

    I have to experiment by allowing root and password logins, but I’m confident I know what the problem is.

    My question is: does anyone know a way to allow Master/Replica without root login (very probably not possible) or at least using public keys between servers (more likely possible)?

    /edit: I’m betting this is old hat, yet my “Google skilz” are proving inadequate to the task of finding anything about it.

    #365737
    mhelman
    Participant

    I believe the Replica only requires SSH be on the first time it connects to the Master.

    #365739
    woodgie
    Participant

    mhelman wrote: “I believe the Replica only requires SSH be on the first time it connects to the Master.”

    I was in the shower this morning (not that you needed to know that, but it’s where I do all my best thinking) and I thought something along those lines.

    I’ll do a bit of experimentation next week and post the results.

    #365859
    nigelkersten
    Participant

    That’s definitely the case. You can turn off root login otherwise.
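
An added example, not part of any post in this thread: a shell check to confirm, once the initial replica connection is done, that the two sshd_config settings named in the first post are back in force. The function names and sample configs are constructed for illustration; it relies on OpenSSH using the first occurrence of a keyword and only reads the global section before any Match block.

```shell
#!/bin/sh
# Print the value sshd would apply globally for KEYWORD in FILE: the first
# occurrence before any Match block wins; keywords are case-insensitive.
# Prints "unset" when absent (the build's compiled-in default then applies).
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        /^#/ || /^$/ { next }                    # comments and blank lines
        tolower(f[1]) == "match" { exit }        # conditional overrides start here
        tolower(f[1]) == want { val = tolower(f[2]); exit }
        END { print val }
    ' "$1"
}

# Return 0 only when both settings from the thread are explicitly "no".
replica_lockdown_ok() {
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample configs (not from the thread): the temporary state while
# the replica is first created, and the locked-down state to return to.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/during" <<'EOF'
# window for initial replica creation
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
cat > "$SAMPLES/after" <<'EOF'
permitrootlogin no
PasswordAuthentication = no
Match User backup
    PasswordAuthentication yes
EOF

for f in during after; do
    if replica_lockdown_ok "$SAMPLES/$f"; then
        echo "$f: locked down"
    else
        echo "$f: root/password SSH still allowed"
    fi
done
```

In the "during" sample the trailing `PermitRootLogin no` has no effect because the earlier `yes` is read first, which is the kind of leftover this check is meant to catch.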
