
Establish A Trust Relationship problem

Discussion in 'General Discussion' started by HOSTFORWEB, Feb 25, 2002.

  1. HOSTFORWEB

    HOSTFORWEB Well-Known Member
    PartnerNOC

    Joined:
    Feb 6, 2002
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    I am now on my second server. I want to use my server #1 nameservers on my second server.
    What I did.

    On the second server:
    1. Edit Setup
    2. Master Nameserver - added IP of my first server.
    Primary Nameserver: ns.myfirstserver.com
    Secondary Nameserver: ns2.myfirstserver.com
    3. "Establish A Trust Relationship With a Primary Nameserver"
    and here I get problems. It asked for root pass. Ok. Do it.
    WHM replies:
    "spawn scp /root/.sshscript root@66.197.132.115:/root/.sshscript


    spawn /usr/bin/ssh root@66.197.132.115 /bin/sh /root/.sshscript
    Trust Relationship Created!"

    This happened with any root or without. So root has no rule here.
    4. "Synchronize DNS Records With Primary Nameserver":

    WHM replies:
    "Rebuilding DNS Zones List from master server .....
    You have no controlling tty. Cannot read passphrase.
    ndc: reload command successful
    Rebuild Complete"


    Please help!
    Thank you.
     
  2. rastoma

    rastoma Well-Known Member

    Joined:
    Aug 27, 2001
    Messages:
    158
    Likes Received:
    0
    Trophy Points:
    16
    Why do so many questions go unanswered here in this forum? If a solution has been found and sent privately, why not include it here for the rest of us? I'm having the same problem and it would be great to see the answer instead of posting the same questions again.
     
  3. jumpdomain

    jumpdomain Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    Are you sure the transfer failed? The error about no tty happens all the time but the transfer still occurs.
     
  4. rastoma

    > Originally posted by jumpdomain:
    >
    > Hello,
    >
    > Are you sure the transfer failed? The error about no tty happens all the time but the transfer still occurs.

    As far as mine is concerned no it didn't transfer.
     
  5. jumpdomain

    Do you see the key for the secondary name server in the /root/.ssh/authorized_keys file?
     
  6. rastoma

    > Originally posted by jumpdomain:
    >
    > Do you see the key for the secondary name server in the /root/.ssh/authorized_keys file?


    No.. I checked and see no file or entry called authorized_keys

    How does that get created?
     
  7. jumpdomain

    I might not have been clear... On the master DNS server machine, do you have this file with the secondary name server key in:
    /root/.ssh/authorized_keys

    Then on the secondary name server machine, do you have this file:
    /root/.ssh/identity.pub
     
  8. Bravo

    Bravo Well-Known Member

    Joined:
    Oct 30, 2001
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    I was having the exact same problem, here's a step by step how I got it working:

    Say, you have server1, which contains your web site www.domain.com and the associated nameservers, ns1.domain.com & ns2.domain.com.
    Now, you are bringing online a second server and you want ns1.domain.com to be on server1 (master) and ns2.domain.com to be on server 2 (slave).

    1. In WHM on server2: Edit Setup:
    Master Nameserver: enter the IP address of ns1.domain.com
    Primary Nameserver: ns1.domain.com
    Secondary Nameserver: ns2.domain.com

    2. Pick a free IP address on server2 (I reserve my nameserver IP's but I don't think this is significant)

    3. On server1, edit the DNS zone for domain.com and change the IP address in the A record of ns2.domain.com to the one obtained in step 2 above.

    4. On server2, go to DNS Functions: Establish A Trust Relationship With a Primary Nameserver. You will be asked for the root password of the Master Nameserver

    5. On server2, Synchronize DNS Records With Primary Nameserver: You may get a tty error, but I found that it works anyway.

    6. On server2: Edit a DNS Zone. You should now see all zones from server1.

    7. Go to the web site of the registrar where you registered domain.com, and change the nameserver registration record for ns2.domain.com to point to the corresponding IP on server2.

    Done!
     
  9. rastoma

    thank you for the suggestion, but I tried it and it doesn't work on my servers.
     
  10. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    Likewise here, doesn't work. I get the passphrase doesn't work and I looked in /root/.ssh and nothing is in there other than known_hosts2


    During initial setup I get

    spawn scp /root/.sshscript root@64.71.176.102:/root/.sshscript
    spawn /usr/bin/ssh root@64.71.176.102 /bin/sh /root/.sshscript
    Trust Relationship Created!

    but still the passphrase error on syncing
     
  11. bert

    bert Well-Known Member

    Joined:
    Aug 21, 2001
    Messages:
    602
    Likes Received:
    0
    Trophy Points:
    16
    This is quite easy to do manually:

    First you need to generate a key in your secondary server (in case you don't have it):

    root> ssh-keygen

    Once you are done with that, go inside /root/.ssh and look for identity.pub there. If you can see it, then do this from your secondary server:

    root> scp /root/.ssh/identity.pub serverX:/root/.ssh/identity.ns2

    Change serverX above for the name of your primary DNS server.

    Then go into your primary name server:

    root> cd /root/.ssh
    root> cat identity.ns2 >> authorized_keys

    This should do it for you.
     
  12. rastoma

    bert... you're a genius!!!! :)

    it worked... thanks.

    it's amazing how long it took to get this info... not from you bert but just from the forum in general. hopefully this will allow people to start fixing their trust problems.
     
  13. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    I noticed today that ssh-keygen seems to have updated and now requires a key type to be specified. Here's the new command:

    ssh-keygen -t rsa

    That should do it for you. :)
     
  14. bert

    Hi rastoma,

    Sorry I missed your post. I am glad it is working for you. I had a problem similar and it was the ssh config that had the wrong version. I was really going crazy with it ;)
     
  15. bert

    > Originally posted by kwimberl:
    >
    > I noticed today that ssh-keygen seems to have updated and now requires a key type to be specified. Here's the new command:
    >
    > ssh-keygen -t rsa
    >
    > That should do it for you. :)

    Actually, you need to do this:

    ssh-keygen -t rsa1

    Make sure you use rsa1, otherwise you will not be able to connect to other servers that had the key generated before the update.
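
An added sketch of the append step from the manual procedure in this thread (not code posted by any participant, and not part of cPanel): it adds the secondary's public key to `authorized_keys` only once, rejects any file that is not a single public-key line, and prefixes `from=` and forwarding restrictions so the root key is accepted only from the secondary's address. The function name, the paths and the choice of options are assumptions for illustration; `rsa1` (SSH protocol 1) keys are deliberately not accepted, since current OpenSSH releases have removed protocol 1.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread or cPanel).
# Usage: install_pubkey PUBKEY_FILE AUTHORIZED_KEYS SOURCE_IP

install_pubkey() {
    pub=$1; auth=$2; src_ip=$3

    # Accept exactly one non-empty line. A private key or any other
    # multi-line file must never end up in authorized_keys.
    [ -f "$pub" ] || { echo "no such key file: $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an SSH public key: $pub" >&2; return 1 ;;
    esac

    # Compare on key type + base64 body only, so a different comment or
    # option prefix does not produce a duplicate entry.
    body=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')

    # sshd ignores key files that are writable by anyone but the owner.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    if grep -qF -- "$body" "$auth"; then
        return 0    # key already trusted, nothing to append
    fi

    # Assumed restriction set: tie the key to the secondary's IP and
    # disable forwarding features a DNS sync does not need.
    opts="from=\"$src_ip\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    printf '%s %s\n' "$opts" "$key" >> "$auth"
}
```

On the primary this would be called as `install_pubkey /root/.ssh/identity.ns2 /root/.ssh/authorized_keys <secondary IP>` in place of the plain `cat ... >> authorized_keys`.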
     
  16. rastoma

    > Originally posted by bert:
    >
    > Hi rastoma,
    >
    > Sorry I missed your post. I am glad it is working for you. I had a problem similar and it was the ssh config that had the wrong version. I was really going crazy with it ;)

    I just noticed something when I deleted a domain on the SECOND server:
    -------------
    Removing Proftpd File....Done

    Cannot continue... named.conf is corrupt
    [/etc/named.conf:12: parse error near 'xxx.mydomain.com'
    ]
    Done
    Ftp Password Files synced
    --------------

    But I can add domains to the second server and server 1's dns shows up when in named.conf on the second server and new domains are resolving and working. Do you know why it's saying named.conf is corrupt?

    And I get this when adding a domain:
    ndc: connect: connection refused

    but the domain still works apparently.
     
  17. bert

    Bind appears not to be running on your secondary server. Try restarting bind:

    Make sure your WHM on the secondary server shows the IP of your primary server and not its domain: log in to WHM, click on "Edit Setup" and then make sure you have an IP address next to "Master Nameserver" and not a domain. I know there were some issues with that.

    Then make sure bind is running on the secondary server by running:
    /etc/rc.d/init.d/named start

    Also, try synchronizing the records with the primary DNS server. By doing that, your secondary will get the named.conf file that resides on the primary server and that one should not be corrupt. You can synchronize from WHM or from the shell by typing:
    /scripts/dnstransfer

    Hope this helps ;)
     
  18. gidechoi

    gidechoi Member

    Joined:
    Mar 16, 2002
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Who can resolve this problem?

    So many issue on that.
    But any one didn't give us collect answer.
     
  19. bert

    Don't know what you mean by "collect answer", have you not been able to get it to work?
     
  20. hst

    hst Well-Known Member

    Joined:
    Feb 24, 2002
    Messages:
    111
    Likes Received:
    0
    Trophy Points:
    16
    I don't think anyone knows for sure

    I have had multiple problems with a two server setup and the trust relationship. No one seems to know how to get it working properly. I've done numerous posts and gave explanations and no one responds with something that really works. Both of my servers work but I get a lot of errors when doing things and the slave server just never seems to show the DNS properly. I have even had paid support on this and it isn't resolved so seriously I think no one really knows and it's a bug they have not resolved and don't respond to. CP4 is definitely a work in progress. Where is all the documentation? We have to do a lot through SSH to make things work when CP4 messes it up. Not a bad panel but there are definitely a lot of unresolved issues.
     
