Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Users

load balancing ssh

 

 

OpenSSH users RSS feed   Index | Next | Previous | View Threaded


ls at 4js

Mar 11, 2011, 3:57 PM

Post #1 of 2 (2822 views)
Permalink
load balancing ssh

Hi,
any suggestions/pointers what are the best practices in load balancing ssh ?
I googled quite heavy for it and found a lot of general purpose load balancer systems/software
(LVS, balance(NG) , HAProxy) but didn't get too much information how to apply it to ssh.
Im especially interested in the security aspect that a load balancer act's as a "man in the middle" and at the client
side one gets permanently potential host key changes if the balancer directs to another real host than in the previous
connection. Are there also other security aspects I should be aware of if I simply use a tool like "balance" to
multiplex incoming requests on a decicated device to multiple hosts ?
Kind Regards, Leo


tech at gillioz

Mar 13, 2011, 3:21 PM

Post #2 of 2 (2760 views)
Permalink
Re: load balancing ssh [In reply to]

Hi,
One thing to consider is the alert message that could got the client
(depend the setting) when accessing different host/key with same IPs.
Never did that with LB, but did something similar for a VIP cluster ssh
solution. Maybe you should googled with SSH and Cluster VIP.

Maybe you can have the same hosts key on all hosts of the farm, you will
then avoid having the client which goes to the VIP of the LB having a
mismatch of the host key, but this could not be a good security practice
or you will need to have the host-key security check disable.

Kind Regards,
Pascal

Le 12.03.11 00:57, Leo Schubert a écrit :
> Hi,
> any suggestions/pointers what are the best practices in load balancing
> ssh ?
> I googled quite heavy for it and found a lot of general purpose load
> balancer systems/software
> (LVS, balance(NG) , HAProxy) but didn't get too much information how
> to apply it to ssh.
> Im especially interested in the security aspect that a load balancer
> act's as a "man in the middle" and at the client side one gets
> permanently potential host key changes if the balancer directs to
> another real host than in the previous connection. Are there also
> other security aspects I should be aware of if I simply use a tool
> like "balance" to multiplex incoming requests on a decicated device to
> multiple hosts ?
> Kind Regards, Leo
>

OpenSSH users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.