
How to create a cluster of ssh servers?

Balbir Singh asked:
Is there a way we can configure a cluster of ssh servers? I am trying to keep 5 ssh servers behind a load balancer or create a cluster out of them, then later do stateful failover if any one of the backends goes down.

I would really appreciate any suggestion on a way to achieve it. TIA

David Favor, Fractional CTO
Distinguished Expert 2019

Commented:
You asked, "Is there a way we can configure a cluster of ssh server?"

There is no way to... create a cluster of stateful sshd instances, as this violates the entire premise of sshd... which specifically tracks all sorts of key/IP relationships, which is why you get a passphrase prompt anytime you attempt moving to a new machine down a string of sshd connections.

Mention why.

Describe what you're trying to accomplish or what problem you're trying to solve.
You can load balance ssh, but can't transfer states.  You should put the same host keys on all ssh servers first.  This way it doesn't matter which server you connect to, you get the same key.  However, I'm not sure you can

https://jonnyzzz.com/blog/2017/05/24/ssh-haproxy/
https://www.techbrown.com/lvs-load-balance-clustering-configuration-centos-6/
https://www.bitvise.com/wug-cluster
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-load-balancer
Balbir Singh, System Administrator

Author

Commented:
When I try to put the same host key on all ssh servers and then ssh, I get an error saying this host key is bound to another IP. How can I resolve it?

myhost.com,xx.xx.xx.xx ecdsa-sha2-nistp256 AAAAE0VjZHNhLXNoYTIhbmlzdHAyNTYAAAAIbmlzdHAyN3YAAABBBGictWp/32RZ2qsaBP5uc6xym0sH/73/ZedmjAvkiHslYllFIO8S9NCkuOYyOTDht9Zai4ZX3N6tOGi3AkC4Bk8=



I just want users not to get a warning or MITM error when they get the same host key from another IP, as my domain myhost.com will resolve to multiple IP addresses, and every time someone logs in they may get a new IP with the same host key.
David Favor, Fractional CTO
Distinguished Expert 2019

Commented:
The only way you can resolve this is by ignoring these errors, as keys pin to IPs.

All your ssh commands must include the ignore option...

ssh -o StrictHostKeyChecking=no



Which will usually clear this up.
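
A client-side configuration for the situation in this thread (one name resolving to several IPs, all backends presenting one shared host key), as an added example that is not part of any poster's reply: it keeps host key verification and turns off only the per-IP comparison. `CheckHostIP`, `HostKeyAlias`, `StrictHostKeyChecking` and `UserKnownHostsFile` are standard OpenSSH client options; the known_hosts file path is an assumption.

```sshconfig
# ~/.ssh/config on the client. Added example; myhost.com is the name used in the thread.

# Setting suggested in the thread, shown commented out for comparison.
# With it, new host keys are added without confirmation and connections to
# hosts whose stored key has changed are allowed to proceed.
# Host myhost.com
#     StrictHostKeyChecking no

# Alternative: keep key verification, drop only the binding of key to IP.
Host myhost.com
    # Do not additionally check (or record) the server's IP address
    # in known_hosts; only the host name entry is consulted.
    CheckHostIP no
    # Look up and save the host key under this single name,
    # whichever backend IP the name resolved to.
    HostKeyAlias myhost.com
    # Refuse to connect if the presented key is unknown or differs
    # from the stored one.
    StrictHostKeyChecking yes
    # Assumed path: a dedicated file holding the one shared host key.
    UserKnownHostsFile ~/.ssh/known_hosts_myhost

# Matching entry in ~/.ssh/known_hosts_myhost: host name only, no IP field.
#   myhost.com ecdsa-sha2-nistp256 <shared public host key>
```

An existing entry of the form `myhost.com,xx.xx.xx.xx ...` can be cleared with `ssh-keygen -R myhost.com` before the host-name-only entry is installed.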