Establish A Trust Relationship problem

HOSTFORWEB

Well-Known Member
PartnerNOC
Feb 6, 2002
94
0
306
Hi,
I am now on my second server. I want to use my server #1 nameservers on my second server.
What I did.

On the second server:
1. Edit Setup
2. Master Nameserver - added IP of my first server.
Primary Nameserver: ns.myfirstserver.com
Secondary Nameserver: ns2.myfirstserver.com
3. "Establish A Trust Relationship With a Primary Nameserver"
and here I get problems. It asked for root pass. Ok. Do it.
WHM replies:
"spawn scp /root/.sshscript [email protected]:/root/.sshscript

spawn /usr/bin/ssh [email protected] /bin/sh /root/.sshscript
Trust Relationship Created!"

This happened with any root or without. So root has no role here.
4. "Synchronize DNS Records With Primary Nameserver":

WHM replies:
"Rebuilding DNS Zones List from master server .....
You have no controlling tty. Cannot read passphrase.
ndc: reload command successful
Rebuild Complete"


Please help!
Thank you.
 

rastoma

Well-Known Member
Aug 27, 2001
158
0
316
why do so many questions go unanswered here in this forum? if a solution has been found and sent privately why not include it here for the rest of us? i'm having the same problem and it would be great to see the answer instead of posting the same questions again.
 

jumpdomain

Well-Known Member
Aug 12, 2001
109
0
316
Hello,

Are you sure the transfer failed? The error about no tty happens all the time but the transfer still occurs.
 

rastoma

[quote][i]Originally posted by jumpdomain[/i]

Hello,

Are you sure the transfer failed? The error about no tty happens all the time but the transfer still occurs.
[/quote]

As far as mine is concerned no it didn't transfer.
 

jumpdomain

Do you see the key for the secondary name server in the /root/.ssh/authorized_keys file?
 

rastoma

[quote][i]Originally posted by jumpdomain[/i]

Do you see the key for the secondary name server in the /root/.ssh/authorized_keys file?
[/quote]


no.. i checked and see no file or entry called authorized_keys

how does that get created?
 

jumpdomain

I might not have been clear... On the master DNS server machine, do you have this file with the secondary name server key in:
/root/.ssh/authorized_keys

Then on the secondary name server machine, do you have this file:
/root/.ssh/identity.pub
 

Bravo

Well-Known Member
Oct 30, 2001
71
0
306
I was having the exact same problem, here's a step by step how I got it working:

Say, you have server1, which contains your web site www.domain.com and the associated nameservers, ns1.domain.com & ns2.domain.com.
Now, you are bringing online a second server and you want ns1.domain.com to be on server1 (master) and ns2.domain.com to be on server 2 (slave).

1. In WHM on server2: Edit Setup:
Master Nameserver: enter the IP address of ns1.domain.com
Primary Nameserver: ns1.domain.com
Secondary Nameserver: ns2.domain.com

2. Pick a free IP address on server2 (I reserve my nameserver IP's but I don't think this is significant)

3. On server1, edit the DNS zone for domain.com and change the IP address in the A record of ns2.domain.com to the one obtained in step 2 above.

4. On server2, go to DNS Functions: Establish A Trust Relationship With a Primary Nameserver. You will be asked for the root password of the Master Nameserver.

5. On server2, Synchronize DNS Records With Primary Nameserver: You may get a tty error, but I found that it works anyway.

6. On server2: Edit a DNS Zone. You should now see all zones from server1.

7. Go to the web site of the registrar where you registered domain.com, and change the nameserver registration record for ns2.domain.com to point to the corresponding IP on server2.

Done!
 

rastoma

thank you for the suggestion, but I tried it and it doesn't work on my servers.
 

AlaskanWolf

Well-Known Member
Aug 11, 2001
535
0
316
Fremont CA
likewise here, doesn't work, i get the passphrase doesn't work and i looked in /root/.ssh and nothing is in there other than known_hosts2

during initial setup i get

spawn scp /root/.sshscript [email protected]:/root/.sshscript
spawn /usr/bin/ssh [email protected] /bin/sh /root/.sshscript
Trust Relationship Created!

but still the passphrase error on syncing
 

bert

Well-Known Member
Aug 21, 2001
593
0
316
This is quite easy to do manually:

First you need to generate a key in your secondary server (in case you don't have it):

root> ssh-keygen

Once you are done with that, go inside /root/.ssh and look for identity.pub there. If you can see it, then do this from your secondary server:

root> scp /root/.ssh/identity.pub serverX:/root/.ssh/identity.ns2

Change serverX above for the name of your primary DNS server.

Then go into your primary name server:

root> cd /root/.ssh
root> cat identity.ns2 >> authorized_keys

This should do it for you.
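
The manual steps above, together with jumpdomain's earlier question about whether the key is in authorized_keys, as an added shell example that is not part of any post in this thread or of cPanel's own scripts. It appends the key only once, pins it to the secondary's address with the OpenSSH `from=` option, and checks the file modes that sshd's StrictModes requires; the function names, the option list and the 192.0.2.10 address are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the option list and
# the source address are assumptions. Run on the primary, for instance:
#   install_trust_key /root/.ssh/identity.ns2 /root/.ssh/authorized_keys 192.0.2.10

# Append the secondary's public key to authorized_keys exactly once, pinned
# to the secondary's address and with forwarding disabled.
install_trust_key() {
    pub=$1 auth=$2 src=$3
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    key=$(grep . "$pub")
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: do nothing if this exact key line is already trusted.
    if grep -qF -- "$key" "$auth"; then return 0; fi
    printf 'from="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$src" "$key" >> "$auth"
}

# Is the key present, and will sshd accept the file? With StrictModes on,
# sshd ignores authorized_keys if it or its directory is group/world-writable.
# Returns 1 = no file, 2 = key absent, 3 = modes too loose, 0 = ok.
check_trust_key() {
    pub=$1 auth=$2
    [ -f "$auth" ] || { echo "no $auth" >&2; return 1; }
    grep -qF -- "$(grep . "$pub")" "$auth" || { echo "key not in $auth" >&2; return 2; }
    loose=$(find "$(dirname "$auth")" "$auth" -prune \( -perm -020 -o -perm -002 \))
    [ -z "$loose" ] || { echo "group/world-writable: $loose" >&2; return 3; }
    return 0
}
```

The key line is treated as opaque text, so the functions work the same way whichever key type ssh-keygen produced.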
 

rastoma

bert... you're a genius!!!! :)

it worked... thanks.

it's amazing how long it took to get this info... not from you bert but just from the forum in general. hopefully this will allow people to start fixing their trust problems.
 

kwimberl

Well-Known Member
Aug 13, 2001
123
0
316
I noticed today that ssh-keygen seems to have updated and now requires a key type to be specified. Here's the new command:

ssh-keygen -t rsa

That should do it for you. :)
 

bert

Hi rastoma,

Sorry I missed your post. I am glad it is working for you. I had a problem similar and it was the ssh config that had the wrong version. I was really going crazy with it ;)
 

bert

[quote][i]Originally posted by kwimberl[/i]

I noticed today that ssh-keygen seems to have updated and now requires a key type to be specified. Here's the new command:

ssh-keygen -t rsa

That should do it for you. :)[/quote]

Actually, you need to do this:

ssh-keygen -t rsa1

Make sure you use rsa1, otherwise you will not be able to connect to other servers that had the key generated before the update.
 

rastoma

[quote][i]Originally posted by bert[/i]

Hi rastoma,

Sorry I missed your post. I am glad it is working for you. I had a problem similar and it was the ssh config that had the wrong version. I was really going crazy with it ;) [/quote]

I just noticed something when I deleted a domain on the SECOND server:
-------------
Removing Proftpd File....Done

Cannot continue... named.conf is corrupt
[/etc/named.conf:12: parse error near 'xxx.mydomain.com'
]
Done
Ftp Password Files synced
--------------

But I can add domains to the second server and server 1's dns shows up when in named.conf on the second server and new domains are resolving and working. Do you know why it's saying named.conf is corrupt?

And I get this when adding a domain:
ndc: connect: connection refused

but the domain still works apparently.
 

bert

Bind appears not to be running on your secondary server. Try restarting bind:

Make sure your WHM on the secondary server shows the IP of your primary server and not its domain: log in to WHM, click on "Edit Setup" and then make sure you have an IP address next to "Master Nameserver" and not a domain. I know there were some issues with that.

Then make sure bind is running on the secondary server by running:
/etc/rc.d/init.d/named start

Also, try synchronizing the records with the primary DNS server. By doing that, your secondary will get the named.conf file that resides on the primary server, and that one should not be corrupt. You can synchronize from WHM or from the shell by typing:
/scripts/dnstransfer

Hope this helps ;)
 

gidechoi

Member
Mar 16, 2002
23
0
301
Who can resolve this problem?

So many issue on that.
But any one didn't give us collect answer.
 

bert

Don't know what you mean by "collect answer", have you not been able to get it to work?
 

hst

Well-Known Member
Feb 24, 2002
111
0
316
I don't think anyone knows for sure

I have had multiple problems with a two server setup and the trust relationship. No one seems to know how to get it working properly. I've done numerous posts and gave explanations and no one responds with something that really works. Both of my servers work but I get a lot of errors when doing things and the slave server just never seems to show the DNS properly. I have even had paid support on this and it isn't resolved so seriously I think no one really knows and it's a bug they have not resolved and don't respond to. CP4 is definitely a work in progress. Where is all the documentation? We have to do a lot through SSH to make things work when CP4 messes it up. Not a bad panel but there are definitely a lot of unresolved issues.