Re: load balancing ssh



Hi,
One thing to consider is the alert message that the client could get (depending on the settings) when accessing a different host/key with the same IPs. I never did that with an LB, but did something similar for a VIP cluster SSH solution. Maybe you should google for SSH and Cluster VIP.

Maybe you can have the same host key on all hosts of the farm; you will then avoid the client that goes to the VIP of the LB getting a host key mismatch, but this might not be a good security practice, or you will need to have the host-key security check disabled.

Kind Regards,
Pascal

On 12.03.11 00:57, Leo Schubert wrote:
Hi,
any suggestions/pointers on what the best practices are for load balancing ssh?
I googled quite heavily for it and found a lot of general-purpose load balancer systems/software (LVS, balance(NG), HAProxy) but didn't get too much information on how to apply it to ssh.
I'm especially interested in the security aspect that a load balancer acts as a "man in the middle" and on the client side one permanently gets potential host key changes if the balancer directs to another real host than in the previous connection. Are there also other security aspects I should be aware of if I simply use a tool like "balance" to multiplex incoming requests on a dedicated device to multiple hosts?
Kind Regards, Leo
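
An added example, not part of the original thread: a check of whether the real hosts behind a VIP present one host key or several, which decides whether clients see the host key change warning discussed above. It goes one step beyond the thread by also emitting known_hosts lines that list every backend key under the VIP name (OpenSSH accepts several keys for one name), so strict checking can stay on without copying one private key to the whole farm. The backend addresses, the VIP name `ssh.example.org` and the key blobs are constructed assumptions.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keyscan(text):
    """Parse 'host keytype base64' lines (ssh-keyscan format), skipping comments."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not line.startswith("#"):
            entries.append((parts[0], parts[1], parts[2]))
    return entries

def farm_report(entries):
    """Map key type -> {fingerprint: [backends]}; >1 fingerprint = mismatch via VIP."""
    report = defaultdict(lambda: defaultdict(list))
    for host, keytype, blob in entries:
        report[keytype][fingerprint(blob)].append(host)
    return report

def vip_known_hosts(vip, entries):
    """known_hosts lines listing every distinct backend key under the VIP name."""
    distinct = dict.fromkeys((keytype, blob) for _, keytype, blob in entries)
    return [f"{vip} {keytype} {blob}" for keytype, blob in distinct]

def fake_key(n):
    """Constructed ed25519-shaped blob for the demo; not a real host key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes([n]) * 32
    return base64.b64encode(raw).decode()

# Constructed scan of three backends: two share a key, one differs.
SCAN = "\n".join([
    "# constructed sample, as if from ssh-keyscan against each real host",
    f"10.0.0.11 ssh-ed25519 {fake_key(1)}",
    f"10.0.0.12 ssh-ed25519 {fake_key(1)}",
    f"10.0.0.13 ssh-ed25519 {fake_key(2)}",
])

if __name__ == "__main__":
    entries = parse_keyscan(SCAN)
    for keytype, fps in farm_report(entries).items():
        print(keytype, "consistent" if len(fps) == 1 else "MISMATCH behind VIP")
    print("\n".join(vip_known_hosts("ssh.example.org", entries)))
```

The backend keys should be collected over a trusted path (console or management network), not through the balancer, before the generated lines are distributed to clients.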



