Avatar of Balbir Singh
Balbir Singh
Flag for United States of America asked on

How to create a cluster of ssh servers?

Is there a way we can configure a cluster of ssh server? I am trying to keep 5 ssh server behind a load balancer or create a cluster out of it. then later to stateful failover if anyone of the backend goes down.

I would really appreciate on suggestion on any way to achieve it. TIA
SSH / Telnet Software

Avatar of undefined
Last Comment
David Favor

8/22/2022 - Mon
David Favor

You asked, "Is there a way we can configure a cluster of ssh server?"

There is no way to... create a cluster of stateful sshd instances, as this violates then entire premise of sshd... which specifically tracks all sorts of key/IP relationships, which is why you get a passphrase prompt anytime you attempt moving to a new machine down a string of sshd connections.

Mention why.

Describe what you're trying to accomplish or what problem you're trying to solve.
ASKER CERTIFIED SOLUTION
serialband

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Balbir Singh

ASKER
When I try to put the same hostkey in all ssh-server and when I ssh then I get error saying this host key is bound to another IP. How can I resolv it?

myhost.com,xx.xx.xx.xx ecdsa-sha2-nistp256 AAAAE0VjZHNhLXNoYTIhbmlzdHAyNTYAAAAIbmlzdHAyN3YAAABBBGictWp/32RZ2qsaBP5uc6xym0sH/73/ZedmjAvkiHslYllFIO8S9NCkuOYyOTDht9Zai4ZX3N6tOGi3AkC4Bk8=

Open in new window


I just want user not to get warning or MITM error when they get the same host key from other IP as my domain myhost.com will resolve to multiple IP addresses and when someone login they every time they may get new IP with same hostkey.
David Favor

The only way you can resolve this is by ignoring these errors, as keys pin to IPs.

All your ssh commands must include the ignore option...

ssh -o StrictHostKeyChecking=no

Open in new window


Which will usually clear this up.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck