Re: load balancing ssh
- From: tech <tech@xxxxxxxxxxx>
- Date: Sun, 13 Mar 2011 23:21:57 +0100
Hi,
One thing to consider is the alert message that could got the client (depend the setting) when accessing different host/key with same IPs. Never did that with LB, but did something similar for a VIP cluster ssh solution. Maybe you should googled with SSH and Cluster VIP.
Maybe you can have the same hosts key on all hosts of the farm, you will then avoid having the client which goes to the VIP of the LB having a mismatch of the host key, but this could not be a good security practice or you will need to have the host-key security check disable.
Kind Regards,
Pascal
Le 12.03.11 00:57, Leo Schubert a écrit :
Hi,
any suggestions/pointers what are the best practices in load balancing ssh ?
I googled quite heavy for it and found a lot of general purpose load balancer systems/software
(LVS, balance(NG) , HAProxy) but didn't get too much information how to apply it to ssh.
Im especially interested in the security aspect that a load balancer act's as a "man in the middle" and at the client side one gets permanently potential host key changes if the balancer directs to another real host than in the previous connection. Are there also other security aspects I should be aware of if I simply use a tool like "balance" to multiplex incoming requests on a decicated device to multiple hosts ?
Kind Regards, Leo
- References:
- load balancing ssh
- From: Leo Schubert
- load balancing ssh
- Prev by Date: Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20)
- Next by Date: High latency when port-forwarding postgresql (for statements which don't return data)
- Previous by thread: load balancing ssh
- Next by thread: Privacy, Security, Trust (PST 2011) - 2nd Call for Papers (Deadline: March 20)
- Index(es):
Relevant Pages
|
