From owner-freebsd-isp  Fri Jul  7 12:35:21 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.workofstone.net (w121.z208177130.sjc-ca.dsl.cnc.net [208.177.130.121])
	by hub.freebsd.org (Postfix) with ESMTP id D1E6B37B781
	for <isp@FreeBSD.ORG>; Fri,  7 Jul 2000 12:35:16 -0700 (PDT)
	(envelope-from schluntz@timberwolf.workofstone.net)
Received: from timberwolf (w126.z064001106.sjc-ca.dsl.cnc.net [64.1.106.126])
	by mail.workofstone.net (8.9.3/8.9.3) with ESMTP id MAA26620;
	Fri, 7 Jul 2000 12:34:52 -0700 (PDT)
Message-Id: <200007071934.MAA26620@mail.workofstone.net>
To: Jason Fesler <jfesler@gigo.com>
Cc: Luigi Rizzo <luigi@info.iet.unipi.it>,
	Chris Shenton <cshenton@uucom.com>, Alan Batie <batie@rdrop.com>,
	isp@FreeBSD.ORG, Gabriel Ambuehl <gabriel_ambuehl@buz.ch>
Subject: Re: Re[4]: load balancing 
Reply-To: "Sean J. Schluntz" <schluntz@workofstone.com>
In-Reply-To: Your message of "Fri, 07 Jul 2000 19:00:01 +0200."
             <11591545084.20000707190001@buz.ch> 
Date: Fri, 07 Jul 2000 12:31:08 -0700
From: schluntz@timberwolf.workofstone.net
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>> If the box is faulty but still pingable with the IP alias, 
>> log into the box, shutdown the alias.  Next, turn the alias
>> on, on the other box.
>
>What if it's pingable, but ssh failed? And how do you solve the
>problems of needing root access to kill the alias? I don't want to
>supply an attacker with the root passwords for the another box if he
>cracks one of a pair... RSA authentication isn't better for that
>matter.

I have a friend who solved that with an X10 kit.  If his servers can't be 
contacted through ssh then he just turns off the power to it so another
can take over the IP. It stays off until he has a change to go in and fix
it. (Or he can choose to power it back on remotely and see if it comes
back up correctly.)

-Sean


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message