- risk of same fingerprint for ssh?
- Burkhard Schultheis
June 2, 2015, 1:02 pm
pair of application servers and a pair of MySQL servers, cluster B
consisting of a pair of apache tomcat servers.
Only the machines in cluster B have public IPs. Customers connect to
the primary server in Cluster B, of course. The server in Cluster B
connects to the servers in cluster A.
The 2 MySQL servers are reachable through virtual addresses for the
primary and the secondary server. Now an external server has to connect
to the secondary server via SSH. If the fingerprints for the 2 MySQL
servers are different, we have a problem if the virtual address moves
to the other server.
We could give both servers the same fingerprint, but is this dangerous?
If yes, why?
Thank you in advance!
Re: risk of same fingerprint for ssh?
If I understand your architecture right, you’re not worried about the
frontend servers being unable to distinguish the backend servers from
You might care about other clients being able to distinguish them,
however, for instance when you log in to them for management purposes.
You might be able to solve this by having multiple host keys - i.e. one
shared between the backend servers and used for access from the frontend
servers, and then one for each backend server used for management
I don’t know how well this would work if they were of the same type, but
you can certainly have multiple host keys of different types with
OpenSSH, which might be good enough, depending whether you have any
requirements about key type.
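
The multiple-host-key layout suggested in the reply above, as an added configuration sketch that is not part of the original thread. The host names, the address, and the choice of Ed25519 for the shared key and RSA for the per-server keys are assumptions; the key paths are the OpenSSH defaults.

```sshconfig
# ---- /etc/ssh/sshd_config on BOTH MySQL servers ----
# Shared key: the same private key file is installed on both servers, so the
# virtual address presents one fingerprint whichever server currently holds it.
HostKey /etc/ssh/ssh_host_ed25519_key
# Per-server key: generated separately on each server and never copied.
HostKey /etc/ssh/ssh_host_rsa_key

# ---- ~/.ssh/config on the external server (connects via the virtual address) ----
# mysql-secondary-vip and 192.0.2.20 are placeholders (assumed names).
# Only the shared key type is accepted, so a failover does not change the key
# this client sees.
Host mysql-secondary-vip
    HostName 192.0.2.20
    HostKeyAlgorithms ssh-ed25519
    StrictHostKeyChecking yes

# ---- ~/.ssh/config on the management workstation ----
# db1.example.internal and db2.example.internal are placeholder real host names.
# Only the per-server key type is accepted, so each machine is identified
# individually and the shared key is never offered to this client.
Host db1.example.internal db2.example.internal
    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256
    StrictHostKeyChecking yes
```

With this split, anyone who obtains the shared private key from one server can impersonate the virtual address, but not either server's management identity.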