Re: Question on SSH configuration in a cluster environment.

From: Doug O'Leary (dkoleary_at_comcast.net)
Date: 01/16/04

• Next message: Jeremiah DeWitt Weiner: "Re: Question on SSH configuration in a cluster environment."
• Previous message: Chris Calabrese: "Re: what are the Best Security Conferences to attend"
• In reply to: Snoopy_: "Question on SSH configuration in a cluster environment."
• Next in thread: Nico Kadel-Garcia: "Re: Question on SSH configuration in a cluster environment."
• Reply: Nico Kadel-Garcia: "Re: Question on SSH configuration in a cluster environment."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 16 Jan 2004 15:59:06 GMT

Hey;

In article <e71fbf62.0401160645.1ff4af39@posting.google.com>, Snoopy_ wrote:
> Issue: When a failover happens in a cluster, users can no longer
> connect via ssh because of the changed host key. I believe users are
> connecting to the logical/virtual cluster hostname, yet the
> known_hosts file is picking up the public key from the physical host.
> If the user removes that host from its known_host file, then
> reconnection is successfull.
>

I would think you could simply copy over the host key between the
nodes of the cluster. The host key is nothing more than a null pass-
phrased private key that's generated when ssh is first installed.
Although I wouldn't call myself a ssh expert, but I do believe I have a
bit more experience with it than is common. The other caveat is I
haven't tried this; but, I can't think of anything that'd get broken
because of it.

Doug

-- 
--------
Senior UNIX Admin
O'Leary Computer Enterprises
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
resume:  http://home.comcast.net/~dkoleary/resume.html

---

• Next message: Jeremiah DeWitt Weiner: "Re: Question on SSH configuration in a cluster environment."
• Previous message: Chris Calabrese: "Re: what are the Best Security Conferences to attend"
• In reply to: Snoopy_: "Question on SSH configuration in a cluster environment."
• Next in thread: Nico Kadel-Garcia: "Re: Question on SSH configuration in a cluster environment."
• Reply: Nico Kadel-Garcia: "Re: Question on SSH configuration in a cluster environment."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [NEWS] SSH Protocol Weakness Vulnerability (MITM) ... A weakness in the backward compatibility of the SSH Protocol has been ... SSH version 1.0) is unlikely to have the host key for the other protocol ... The SSH daemons advertise one of two major versions, ... (Securiteam) Re: Question on SSH configuration in a cluster environment. ... >> connect via ssh because of the changed host key. ... > nodes of the cluster. ... > phrased private key that's generated when ssh is first installed. ... simply duplicate the hostkeys among all the machines. ... (comp.unix.solaris) Re: Question on SSH configuration in a cluster environment. ... >> connect via ssh because of the changed host key. ... > nodes of the cluster. ... > phrased private key that's generated when ssh is first installed. ... simply duplicate the hostkeys among all the machines. ... (comp.security.ssh) Re: Question on SSH configuration in a cluster environment. ... >> connect via ssh because of the changed host key. ... > nodes of the cluster. ... > phrased private key that's generated when ssh is first installed. ... simply duplicate the hostkeys among all the machines. ... (comp.security.unix) Re: Q: paramiko/SSH/ how to get a remote host_key ... SSH client, if you connect for the first time then you get somethign ... ''' The server's host key is not cached in the registry. ... host_key the first time it connects to a remote SSH server. ... (comp.lang.python)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.unix  > 2004-01