Old 01-13-2014, 08:40 PM   #1
LQ Newbie
Registered: Sep 2012
Posts: 6

Rep: Reputation: Disabled
SSH Keys across clustered servers

I have a 10 node cluster and multiple clustered resources on the cluster have IP Addresses that move between different servers in the cluster when the application is migrated.

This causes RSYNC and other tools that use SSH to fail because from the remote server the key it has in known_hosts for this virtual server no longer matches the one used by the node that is now hosting the application.

I am considering making the host keys identical across all of the cluster nodes but wanted to ask first and see if that is the best solution and if it's even a good idea.

Better ideas are more than welcome.
Old 01-13-2014, 09:13 PM   #2
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,514
Blog Entries: 4

Rep: Reputation: 2955
I'm no expert here, but it does intuitively seem to me that this is a situation that SSH is not quite programmed to recognize, viz: "even though the IP-addresses of these 10 machines are (of course ...) not the same, functionally they are 'a band of brothers.' "

Therefore, I think that I would, indeed, issue one common SSH host-key and associate it with all 10 of these addresses. Because, well, that best reflects the reality of this situation. All 10 of these IPs (but, none others!) are supposed to share the same credential . . .

(Any objections, dear experts?)
Old 01-17-2014, 12:55 AM   #3
Registered: May 2001
Posts: 29,359
Blog Entries: 55

Rep: Reputation: 3546
I'm wondering, even if you would be using UCARP or VRRP for public IP addresses, aren't those machines themselves connected to a separate management network with fixed IP addresses?..
Old 01-18-2014, 10:51 AM   #4
LQ Newbie
Registered: Sep 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
Each host has an IP address associated to the physical node; however, there are also IP addresses associated to the clustered applications, and those applications move between physical nodes for load balancing and for cluster failover... - rsync needs to back up the application data regardless of which physical node it is on at the time.
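
The known_hosts mismatch described in post #1, as an added example that is not part of any poster's message: a simplified Python model of how the SSH client matches a presented host key against known_hosts. It goes slightly beyond the thread by also showing that known_hosts may list several keys for one name; the address 192.0.2.50, the node names and the key strings are constructed placeholders.

```python
# Added example: simplified model of the OpenSSH client's known_hosts lookup.
# The address 192.0.2.50, node names and key blobs are constructed placeholders.

def parse_known_hosts(text):
    """Return (hostnames, keytype, blob) tuples from plain known_hosts lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @markers and hashed (|1|...) entries.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        entries.append((set(fields[0].split(",")), fields[1], fields[2]))
    return entries

def check_host(entries, host, keytype, blob):
    """'ok' if a line for host carries this key, 'changed' if host is known
    only with other keys of this type, 'unknown' if no line applies."""
    same_type = [b for names, t, b in entries if host in names and t == keytype]
    if blob in same_type:
        return "ok"
    return "changed" if same_type else "unknown"

VIP = "192.0.2.50"  # floating application address (constructed)
NODE_KEYS = {"node1": "AAAAC3-constructed-node1",
             "node2": "AAAAC3-constructed-node2"}

# Case 1: the client learned the VIP while node1 hosted the application.
PINNED = f"{VIP} ssh-ed25519 {NODE_KEYS['node1']}\n"
# Case 2: known_hosts lists every node's public key for the VIP;
# each node keeps its own private host key.
ALL_NODES = "".join(f"{VIP} ssh-ed25519 {k}\n" for k in NODE_KEYS.values())

def results(known_hosts_text):
    """Outcome per node when that node answers on the VIP."""
    entries = parse_known_hosts(known_hosts_text)
    return {n: check_host(entries, VIP, "ssh-ed25519", k)
            for n, k in NODE_KEYS.items()}

if __name__ == "__main__":
    print("pinned to node1:", results(PINNED))
    print("all node keys  :", results(ALL_NODES))
```

With one host key shared by all nodes, as proposed in post #2, every node presents the same blob and the pinned entry in case 1 always matches.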


All times are GMT -5.