[lvs-users] keepalived: SSH getting "No route to host"

Graeme Fowler graeme at graemef.net
Thu Sep 20 15:07:18 BST 2007


On Thu, 2007-09-20 at 10:00 -0400, Gerry Reno wrote:
> I looked through the howto's and did not see anything showing how to put 
> ssh on an alternate port.

You can have SSH as a service on the director if you configure it to
listen on the DIP only.

man sshd_config
...
 ListenAddress
    Specifies the local addresses sshd should listen on.  The follow-
    ing forms may be used:
           ListenAddress host|IPv4_addr|IPv6_addr
           ListenAddress host|IPv4_addr:port
           ListenAddress [host|IPv6_addr]:port

    If port is not specified, sshd will listen on the address and all
    prior Port options specified.  The default is to listen on all
    local addresses.  Multiple ListenAddress options are permitted.
    Additionally, any Port options must precede this option for non
    port qualified addresses.
...

If you ensure that the director doesn't bind its SSH server to any
VIPs, you can then have a virtual server on the VIP listening to port
22, forwarding to the realservers as appropriate.

I would, however, counsel against having SSH listening on the external
interface of the director. I try as much as possible to make sure
they're only contactable from "inside", or from a management LAN which
reaches the "inside" interface.

Graeme
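
An added example, not part of the original post: a small checker that applies the ListenAddress rules as quoted from the man page above and reports which VIPs the director's own sshd would hold on port 22. The function names, the DIP 192.168.10.2 and the VIP 203.0.113.10 are constructed for illustration; hostnames in ListenAddress are not resolved.

```python
import ipaddress

def effective_listeners(config_text):
    """Return the (address, port) pairs sshd would bind; '*' = all local addresses."""
    ports, listeners = [], set()
    for raw in config_text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key, arg = fields[0].lower(), fields[1]
        if key == "port":
            ports.append(int(arg))
        elif key == "listenaddress":
            if arg.startswith("["):            # [host|IPv6_addr]:port
                addr, _, rest = arg[1:].partition("]")
                port = int(rest[1:]) if rest.startswith(":") else None
            elif arg.count(":") == 1:          # host|IPv4_addr:port
                addr, _, rest = arg.partition(":")
                port = int(rest)
            else:                              # bare host, IPv4 or IPv6 address
                addr, port = arg, None
            # No port given: use every Port seen so far (sshd's default is 22).
            for p in ([port] if port is not None else (ports or [22])):
                listeners.add((addr, p))
    # No ListenAddress at all: sshd listens on every local address.
    return listeners or {("*", p) for p in (ports or [22])}

def vips_bound_by_sshd(config_text, vips, port=22):
    """Return the VIPs on which the director's own sshd would occupy `port`."""
    hits = set()
    for addr, p in effective_listeners(config_text):
        if p != port:
            continue
        try:
            bound = ipaddress.ip_address(addr)
        except ValueError:
            bound = None                       # '*' or a hostname (not resolved here)
        for vip in vips:
            v = ipaddress.ip_address(vip)
            wildcard = addr == "*" or (bound is not None and bound.is_unspecified
                                       and bound.version == v.version)
            if wildcard or bound == v:
                hits.add(vip)
    return sorted(hits)

# Constructed sample data: DIP 192.168.10.2, VIP 203.0.113.10.
VIPS = ["203.0.113.10"]
DEFAULT_CFG = "Port 22\n"                                  # binds everything, VIP included
DIP_ONLY_CFG = "Port 22\nListenAddress 192.168.10.2\n"     # binds the DIP only
```

An empty result from vips_bound_by_sshd() means port 22 on every listed VIP is free for the virtual server.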


