LinuxQuestions.org
Old 01-13-2014, 08:40 PM   #1
SamanthaCruz
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Rep: Reputation: Disabled
SSH Keys across clustered servers


I have a 10 node cluster and multiple clustered resources on the cluster have IP Addresses that move between different servers in the cluster when the application is migrated.

This causes RSYNC and other tools that use SSH to fail because from the remote server the key it has in known_hosts for this virtual server no longer matches the one used by the node that is now hosting the application.

I am considering making the host keys identical across all of the cluster nodes but wanted to ask first and see if that is the best solution and if it's even a good idea.

Better ideas are more than welcome.
Thanks
 
Old 01-13-2014, 09:13 PM   #2
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,257

Rep: Reputation: 1077
I'm no expert here, but it does intuitively seem to me that this is a situation that SSH is not quite programmed to recognize, viz: "even though the IP-addresses of these 10 machines are (of course ...) not the same, functionally they are 'a band of brothers.' "

Therefore, I think that I would, indeed, issue one common SSH host-key and associate it with all 10 of these addresses. Because, well, that best reflects the reality of this situation. All 10 of these IPs (but, none others!) are supposed to share the same credential . . .

(Any objections, dear experts?)
 
Old 01-17-2014, 12:55 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
I'm wondering, even if you would be using UCARP or VRRP for public IP addresses, aren't those machines themselves connected to a separate management network with fixed IP addresses?..
 
Old 01-18-2014, 10:51 AM   #4
SamanthaCruz
LQ Newbie
 
Registered: Sep 2012
Posts: 5

Original Poster
Rep: Reputation: Disabled
Each host has an IP address associated to the physical node; however, there are also IP Addresses associated to the clustered applications, and those applications move between physical nodes for load balancing and for cluster failover... - rsync needs to back up the application data regardless of which physical node it is on at the time.
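
Added example (not part of any post in this thread): a simplified Python model of the known_hosts check described in the first post, showing the mismatch when the virtual address moves to a node with its own host key, and the result when every node presents one common key. Host names, addresses and key strings are constructed placeholders, and hashed or marker entries are not modelled.

```python
# Simplified model of the ssh client's known_hosts check for a floating address.
# Host names, addresses and key strings are constructed placeholders, not real keys.
KNOWN_HOSTS = """\
# entry recorded while node1 was hosting the application
app-vip.example,192.0.2.50 ssh-ed25519 KEY_NODE1
node2.example,192.0.2.12 ssh-ed25519 KEY_NODE2
"""

def parse_known_hosts(text):
    """Return (hosts, keytype, key) tuples for plain-text entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Hashed names (|1|...) and @cert-authority/@revoked markers are not modelled.
        if fields[0].startswith(("|1|", "@")) or len(fields) < 3:
            continue
        entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries

def check(entries, target, keytype, key):
    """Compare the key a server presents for `target` with the recorded keys."""
    recorded = [k for hosts, t, k in entries if target in hosts and t == keytype]
    if not recorded:
        return "unknown"   # no key of this type on record for the name
    # A recorded key that differs is the failure rsync over ssh runs into.
    return "ok" if key in recorded else "mismatch"

def failover_report(entries, vip, node_keys, keytype="ssh-ed25519"):
    """Status the client sees for `vip`, depending on which node holds it."""
    return {node: check(entries, vip, keytype, key)
            for node, key in node_keys.items()}

# Each node with its own host key, versus one key copied to every node.
PER_NODE = {"node1": "KEY_NODE1", "node2": "KEY_NODE2", "node3": "KEY_NODE3"}
SHARED = {"node1": "KEY_NODE1", "node2": "KEY_NODE1", "node3": "KEY_NODE1"}

if __name__ == "__main__":
    entries = parse_known_hosts(KNOWN_HOSTS)
    for label, keys in (("per-node keys", PER_NODE), ("shared key", SHARED)):
        print(label, failover_report(entries, "192.0.2.50", keys))
```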
 
  


All times are GMT -5. The time now is 11:02 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration