[Freeipa-users] Specify different ssh port for ipa-conncheck
James Harrison
jamesaharrisonuk at yahoo.co.uk
Thu Nov 10 12:12:15 UTC 2016
We get the below message for replica machines and Ive seen it for client machines too:
[root at pul-lv-ipa-02 bin]# /root/bin/freeipa-replica-install.sh /var/lib/ipa/replica-info-$(hostname -f).gpg
Using reverse zone(s) 23.10.in-addr.arpa.
Run connection check to master
Check connection from replica to remote master 'aaaaaa.aaaa.com ':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check SSH connection to remote master
Could not SSH into remote host. Error output:
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to aaaaaa.aaaa.com [10.23.45.88] port 22.
debug1: connect to address 10.23.45.88 port 22: Connection refused
ssh: connect to host pul-lv-ipa-01.int.worldfirst.com port 22: Connection refused
Could not SSH to remote host.
ipa.ipapython.install.cli.install_tool(Replica): ERROR Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
From: James Harrison <jamesaharrisonuk at yahoo.co.uk>
To: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Sent: Thursday, 10 November 2016, 12:00
Subject: Specify different ssh port for ipa-conncheck
Hi All,We use port 2234 for all sshd connections on our systems.
It looks loke ipa-conncheck uses port 22.
Can this be changed to use 2234? This would be for replicas and clients I presume.
This is quite urgent.
Many thanks,James Harrison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161110/c14deb80/attachment.htm>
More information about the Freeipa-users
mailing list