2 Replies Latest reply: Aug 20, 2013 1:18 AM by Billy~Verreynne RSS

    Unable to ssh ipvip from RAC nodes

    Sukrut

      Hi

       

      I am not able to ssh ipvip from outisde the RAC nodes

       

      ./srvctl status scan_listener

      SCAN Listener LISTENER_SCAN1 is enabled

      SCAN listener LISTENER_SCAN1 is not running

      SCAN Listener LISTENER_SCAN2 is enabled

      SCAN listener LISTENER_SCAN2 is not running

      SCAN Listener LISTENER_SCAN3 is enabled

      SCAN listener LISTENER_SCAN3 is not running

       

       

      Let me know what is wrong here ?

       

      Sukrut

        • 1. Re: Unable to ssh ipvip from RAC nodes
          SAML.

          The SCAN listener is not running, start the scan listener "srvctl start scan_listener" and try again.

          • 2. Re: Unable to ssh ipvip from RAC nodes
            Billy~Verreynne

            886560 wrote:

            I am not able to ssh ipvip from outisde the RAC nodes

             

             

            You should not be using ssh with virtual IPs at all. Not inside the RAC. Not outside the RAC.

             

            A virtual IP can reside, over time, on a number of DIFFERENT host platforms.

             

            A ssh expects that IP to reside (always) on a SINGLE host platform. (it stores the host platform's signature against that IP as a known host)

             

            So when a virtual IP address moves from one platform to another, ssh will fail with a man-in-the-middle-attack. The new host signature of that virtual IP is different from the host the IP was on previously.

             

            Yes, you an manually fix it.

             

            No, it does not make sense.