tech at gillioz
Mar 13, 2011, 3:21 PM
Post #2 of 2
One thing to consider is the alert message that could got the client
(depend the setting) when accessing different host/key with same IPs.
Never did that with LB, but did something similar for a VIP cluster ssh
solution. Maybe you should googled with SSH and Cluster VIP.
Maybe you can have the same hosts key on all hosts of the farm, you will
then avoid having the client which goes to the VIP of the LB having a
mismatch of the host key, but this could not be a good security practice
or you will need to have the host-key security check disable.
Le 12.03.11 00:57, Leo Schubert a écrit :
> any suggestions/pointers what are the best practices in load balancing
> ssh ?
> I googled quite heavy for it and found a lot of general purpose load
> balancer systems/software
> (LVS, balance(NG) , HAProxy) but didn't get too much information how
> to apply it to ssh.
> Im especially interested in the security aspect that a load balancer
> act's as a "man in the middle" and at the client side one gets
> permanently potential host key changes if the balancer directs to
> another real host than in the previous connection. Are there also
> other security aspects I should be aware of if I simply use a tool
> like "balance" to multiplex incoming requests on a decicated device to
> multiple hosts ?
> Kind Regards, Leo