Re: Question on SSH configuration in a cluster environment.

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 01/18/04

    Date: Sat, 17 Jan 2004 20:03:40 -0500
    
    

    "Doug O'Leary" <dkoleary@comcast.net> wrote in message
    news:bu91oa0cg6@news4.randori.com...
    > Hey;
    >
    > In article <e71fbf62.0401160645.1ff4af39@posting.google.com>, Snoopy_ wrote:
    > > Issue: When a failover happens in a cluster, users can no longer
    > > connect via ssh because of the changed host key. I believe users are
    > > connecting to the logical/virtual cluster hostname, yet the
    > > known_hosts file is picking up the public key from the physical host.
    > > If the user removes that host from its known_host file, then
    > > reconnection is successful.
    > >
    >
    > I would think you could simply copy over the host key between the
    > nodes of the cluster. The host key is nothing more than a null pass-
    > phrased private key that's generated when ssh is first installed.
    > Although I wouldn't call myself a ssh expert, but I do believe I have a
    > bit more experience with it than is common. The other caveat is I
    > haven't tried this; but, I can't think of anything that'd get broken
    > because of it.

    You can. In such environments where the cluster has a bunch of machines with
    "identical" setups, despite the potential spoofing risks, it's quite easy to
    simply duplicate the hostkeys among all the machines. The trick is often
    used for deployments of Beowulf clusters or other load sharing setups where
    the same hostname/configuration is shared among multiple machines.
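
Added example, not part of the original thread: a Python check that, once the host key has been copied, every node behind the virtual hostname offers the key clients have pinned for it. Input is unhashed `host keytype base64` lines as written by `ssh-keyscan` and stored in known_hosts; the names `cluster-vip`, `node1`, `node2` and all key material are constructed.

```python
import base64
import hashlib


def make_blob(seed):
    parts = (b"ssh-ed25519", hashlib.sha256(seed).digest())
    raw = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return base64.b64encode(raw).decode()


def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_lines(text):
    """Map host -> {keytype: fingerprint}; skips comments, markers, hashed names."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        for name in fields[0].split(","):
            hosts.setdefault(name, {})[fields[1]] = fingerprint(fields[2])
    return hosts


def check_cluster(scan, known_hosts, virtual, nodes):
    """Return problems; an empty list means a failover will not change the key."""
    scanned, pinned = parse_lines(scan), parse_lines(known_hosts)
    if virtual not in pinned:
        return [f"{virtual}: not in known_hosts"]
    problems = []
    for keytype, want in pinned[virtual].items():
        for node in nodes:
            got = scanned.get(node, {}).get(keytype, "nothing")
            if got != want:
                problems.append(f"{node}: {keytype} offered {got}, pinned {want}")
    return problems


# Constructed sample data (make_blob output is not a real key);
# node2 still has its own install-time host key.
SHARED, STRAY = make_blob(b"shared"), make_blob(b"node2-original")
KNOWN = f"cluster-vip ssh-ed25519 {SHARED}\n"
SCAN_BAD = f"node1 ssh-ed25519 {SHARED}\nnode2 ssh-ed25519 {STRAY}\n"

if __name__ == "__main__":
    print(check_cluster(SCAN_BAD, KNOWN, "cluster-vip", ["node1", "node2"]))
```

Run against real `ssh-keyscan` output for each physical node, a non-empty result names the node that would trigger the changed-host-key warning on failover.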

