Dear All,
After configuring IPMP in 2 fresh Servers (T5520 and T2000) I can't login in any of them using SSH, I can login by serial console then I had to enable Telnet to access.
IPMP works fine.
This is the error in /var/adm/messages:
Code:
sshd[1071]: Failed password for lvalle from 172.28.12.95 port 50532 ssh2
lag-pro-cdrs-01-e1000g0 deprecated -failover netmask + broadcast + group ipmp up addif lag-pro-cdrs-01 netmask + broadcast + up
/etc/hostname.e1000g2:
Code:
lag-pro-cdrs-01-e1000g2 deprecated -failover netmask + broadcast + group ipmp up
This is the network configuration:
Code:
-bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
inet 172.28.11.82 netmask ffffff80 broadcast 172.28.11.127
groupname ipmp
ether 0:14:4f:ae:2d:b0
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.28.11.81 netmask ffffff80 broadcast 172.28.11.127
e1000g2: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
inet 172.28.11.83 netmask ffffff80 broadcast 172.28.11.127
groupname ipmp
ether 0:14:4f:ae:2d:b2
I'll appreciate your advice in this regard.
---------- Post updated at 04:37 PM ---------- Previous update was at 03:37 PM ----------
Self solved
I'm not sure whether was related to the password complexity (/etc/default/passwd), or the fact my user ID was 0 same as root and in /etc/ssh/sshd_config PermitRootLogin was set to "no".
Strange thing login only failed after configuring IPMP.
So you now know where to look if you have this problem I think it was the UID 0 stuff.
Hi all...........
I work for a big french car manufacturer.
I'm supposed to put up a secure protocol, that means ssh. I'm looking for free ssh codes and binaries, and the install and config of it...
Any help would be great...
:confused: :confused: :confused:
Thanx
Jason (3 Replies)
Hi all!
I'm new to the SSh concept, and i'm supposed to install SSH over 400 servers.
I found out how to generate all the keys and the passphrases ( you'll say that ain't that hard!).
But now, i just can't get the thing to start. I started sshd on both of my test servers, and on one of 'em, i... (1 Reply)
Hi
I am setting up a test server for actual 2 node servers which will be behind load balancer. I will not be using sun cluster at all. The test machine is installed with solaris 10.
I am not sure how to setup a test env of 2 nodes on only 1 node..may be creating 2 zones on test server will... (8 Replies)
Hi All,
I have unplumbed one interface.
after that ifconfig -a shows that
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
... (7 Replies)
I have downloaded the Putty SSH configuration. I have entered my Host name as illinois.engr.sjsu.edu and i am trying to save that. But i am unable to save.
Also i opened the session and entered my log in name
But it says using keyboard interactive authentication.I am not able to get into $
... (1 Reply)
Hello all
I have question regarding the id_dsa keys and authorized_keys file in .ssh directory.
I know if we try to SFTP, id_dsa.pub file on server1 will be verified with contents of authorized_keys on other server and SFTP will happen once verification passes.
No i want to use id_dsa1.pub... (1 Reply)
why I can login by telnet using root account
but when i use login by ssh using root account
it is not successful ,is it different password
i am sure ssh service is started (2 Replies)
I'm trying use 'sed' to change a line on sshd_config file. But the problem is sshd_config file can be two different locations.(eg: /etc/ssh/sshd_config or /usr/local/ssh/sshd_config)
Was wondering how to write a shell script to search or mention the sshd_config location? (3 Replies)
Discussion started by: pjeedu2247
3 Replies
LEARN ABOUT OPENSOLARIS
arp
arp(1M) System Administration Commands arp(1M)NAME
arp - address resolution display and control
SYNOPSIS
arp hostname
arp -a [-n]
arp -d hostname
arp -f filename
arp -s hostname ether_address [temp] [pub] [trail]
[permanent]
DESCRIPTION
The arp program displays and modifies the Internet-to-MAC address translation tables used by the address resolution protocol (see arp(7P)).
With no flags, the program displays the current ARP entry for hostname. The host may be specified by name or by number, using Internet dot
notation.
Options that modify the ARP translation tables (-d, -f, and -s) can be used only when the invoked command is granted the sys_net_config
privilege. See privileges(5).
OPTIONS -a Display all of the current ARP entries. The definition for the flags in the table are:
d Unverified; this is a local IP address that is currently undergoing Duplicate Address Detection. ARP will not respond to
requests for this address until Duplicate Address Detection completes.
o Old; this entry is aging away. If IP requests it again, a new ARP query will be generated. This state is used for detecting peer
address changes.
y Delayed; periodic address defense and conflict detection was unable to send a packet due to internal network use limits for non-
traffic-related messages (100 packets per hour per interface). This occurs only on interfaces with very large numbers of
aliases.
A Authority; this machine is authoritative for this IP address. ARP will not accept updates from other machines for this entry.
L Local; this is a local IP address configured on one of the machine's logical interfaces. ARP will defend this address if another
node attempts to claim it.
M Mapping; only used for the multicast entry for 224.0.0.0
P Publish; includes IP address for the machine and the addresses that have explicitly been added by the -s option. ARP will
respond to ARP requests for this address.
S Static; entry cannot be changed by learned information. This indicates that the permanent flag was used when creating the entry.
U Unresolved; waiting for ARP response.
You can use the -n option with the -a option to disable the automatic numeric IP address-to-name translation. Use arp -an or arp -na
to display numeric IP addresses. The arp -a option is equivalent to:
# netstat -p -f inet
...and -an and -na are equivalent to:
# netstat -pn -f inet
-d Delete an entry for the host called hostname.
Note that ARP entries for IPMP (IP Network Multipathing) data and test addresses are managed by the kernel and thus cannot be
deleted.
-f Read the file named filename and set multiple entries in the ARP tables. Entries in the file should be of the form:
hostname MACaddress [temp] [pub] [trail] [permanent]
See the -s option for argument definitions.
-s Create an ARP entry for the host called hostname with the MAC address MACaddress. For example, an Ethernet address is given as six
hexadecimal bytes separated by colons. The entry will not be subject to deletion by aging unless the word temp is specified in the
command. If the word pub is specified, the entry will be published, which means that this system will respond to ARP requests for
hostname even though the hostname is not its own. The word permanent indicates that the system will not accept MAC address changes
for hostname from the network.
Solaris does not implement trailer encapsulation, and the word trail is accepted on entries for compatibility only.
arp -s can be used for a limited form of proxy ARP when a host on one of the directly attached networks is not physically present on
a subnet. Another machine can then be configured to respond to ARP requests using arp -s. This is useful in certain SLIP configura-
tions.
Non-temporary proxy ARP entries for an IPMP (IP Network Multipathing) group are automatically managed by the kernel. Specifically, if
the hardware address in an entry matches the hardware address of an IP interface in an IPMP group, and the IP address is not local to
the system, this will be regarded as an IPMP proxy ARP entry. This entry will have its hardware address automatically adjusted in
order to keep the IP address reachable so long as the IPMP group has not entirely failed.
ARP entries must be consistent across an IPMP group. Therefore, ARP entries cannot be associated with individual underlying IP inter-
faces in an IPMP group, and must instead be associated with the corresponding IPMP IP interface.
Note that ARP entries for IPMP data and test addresses are managed by the kernel and thus cannot be changed.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO ifconfig(1M), netstat(1M), attributes(5), privileges(5), arp(7P)SunOS 5.11 5 Jan 2009 arp(1M)
01-23-2013
