From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 5CD3363B1B for ; Wed, 25 Nov 2020 12:42:33 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5446F19222 for ; Wed, 25 Nov 2020 12:42:33 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id DB47D19218 for ; Wed, 25 Nov 2020 12:42:32 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A37F543B71 for ; Wed, 25 Nov 2020 12:42:32 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Wed, 25 Nov 2020 12:42:22 +0100 Message-Id: <20201125114222.1873087-1-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.024 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] applied: [PATCH docs] pvecm: improve SSH section X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Nov 2020 11:42:33 -0000 reword some parts, fix wrong information about port forwarding Signed-off-by: Fabian Grünbichler --- pvecm.adoc | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/pvecm.adoc b/pvecm.adoc index cbbcf60..0fad203 100644 --- a/pvecm.adoc +++ b/pvecm.adoc @@ -872,17 +872,19 @@ If you see a healthy cluster state, it means that your new link is being used. Role of SSH in {PVE} Clusters ----------------------------- -{PVE} utilizes SSH tunnels for various operations. +{PVE} utilizes SSH tunnels for various features. -* Proxying terminal sessions of node and containers between nodes +* Proxying console/shell sessions (node and guests) + -When you connect another nodes shell through the web interface, for example, a -non-interactive SSH tunnel is started in order to forward the necessary ports -for the VNC connection. +When using the shell for node B while being connected to node A, connects to a +terminal proxy on node A, which is in turn connected to the login shell on node +B via a non-interactive SSH tunnel. -* VM and CT memory and local-storage migration, if the cluster wide migration - settings are not configured 'insecure' mode. During a VM migration an SSH - tunnel is established between the target and source nodes. +* VM and CT memory and local-storage migration in 'secure' mode. ++ +During the migration one or more SSH tunnel(s) are established between the +source and target nodes, in order to exchange migration information and +transfer memory and disk contents. * Storage replication -- 2.20.1