2 Loadbalanced SSH / SFTP Servers sharing same private public key pair

Hello All,

I have 2 SSH / SFTP servers. They are sitting behind a firewall and load balancer. They both run RHEL. When the load balancer switches to the second server, the end users get a warning message that the key has changed. That is, SSH assumes that a man-in-the-middle attack has occurred. This is of course because the second server is now answering the SFTP requests and the name / IP address has indeed changed.

So I have:
- Load-balanced name / IP address
- Server RHEL1 name / IP address (preferred by the load balancer)
- Server RHEL2 name / IP address (the load balancer will point to this if the first server is down)

Is it possible to make both servers have the same private / public key pair? This would remove the warning message when a load-balancing event occurs. Technically I think I just need to copy all private key files (ssh_host_rsa_key, ssh_host_dsa_key, ssh_host_key) and public keys (ssh_host_dsa_key.pub, ssh_host_key.pub, ssh_host_rsa_key.pub) from one server to the other.

Is this dangerous? Or reasonable, considering I have just 2 servers and they are behind a firewall etc.?

Any input much appreciated.


Re: 2 Loadbalanced SSH / SFTP Servers sharing same private public key pair

On Mon, 07 Jan 2013 02:36:20 -0800, ksmith169 wrote:

Yes, place your key within /etc/ssh/.

It depends. As soon as somebody has a key login, he/she is able to access
the 2nd server via ssh as well, assuming there are no ip filters involved.


Re: 2 Loadbalanced SSH / SFTP Servers sharing same private public key pair

If by "key login" you're referring to publickey client authentication,
then this is false. The host key is used by the client to authenticate
the server; it has nothing to do with the server authenticating the
client (except with hostbased authentication).

The tradeoff here has to do with compromise of the server: if the
servers share a hostkey, then an attacker who compromises one can spoof
the other as well.

The best thing to do from a security perspective is to configure the
client to accept either key for the load-balanced server name and/or
address. You can do this in OpenSSH by simply listing both keys for the
same server in the known_hosts file. Whether that's worth the hassle in
this particular case depends on your security requirements and exactly
how much hassle it will be. :)

- Richard
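
The known_hosts approach from the reply above, sketched as an added example that is not part of the original thread: both servers keep their own host key, and the client lists both under the load-balanced name. The host name `sftp.example.com`, the address `192.0.2.10`, the ed25519 key bytes and all function names are constructed for illustration; only plain (unhashed, non-wildcard) entries are handled.

```python
import base64
import hashlib
import struct

def ed25519_blob(raw32: bytes) -> str:
    """Encode 32 bytes as an OpenSSH ssh-ed25519 public key blob (base64)."""
    name = b"ssh-ed25519"
    wire = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(wire).decode()

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the same form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map each plain host name to the set of (keytype, blob) pairs listed for it."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue  # skip comments, @markers and hashed entries
        fields = line.split()
        if len(fields) < 3:
            continue
        for name in fields[0].split(","):
            hosts.setdefault(name, set()).add((fields[1], fields[2]))
    return hosts

def host_key_accepted(hosts: dict, name: str, keytype: str, blob: str) -> bool:
    """True if the key the server presented is one of those listed for this name."""
    return (keytype, blob) in hosts.get(name, set())

# Constructed sample keys: one per real server, plus one the client has never seen.
RHEL1_KEY = ed25519_blob(bytes([0x11]) * 32)
RHEL2_KEY = ed25519_blob(bytes([0x22]) * 32)
UNKNOWN_KEY = ed25519_blob(bytes([0x33]) * 32)

# Two lines for the same load-balanced name and address, one per backend host key.
KNOWN_HOSTS = (
    f"sftp.example.com,192.0.2.10 ssh-ed25519 {RHEL1_KEY} rhel1\n"
    f"sftp.example.com,192.0.2.10 ssh-ed25519 {RHEL2_KEY} rhel2\n"
)

if __name__ == "__main__":
    hosts = parse_known_hosts(KNOWN_HOSTS)
    for label, key in (("rhel1", RHEL1_KEY), ("rhel2", RHEL2_KEY), ("unknown", UNKNOWN_KEY)):
        ok = host_key_accepted(hosts, "sftp.example.com", "ssh-ed25519", key)
        print(label, fingerprint(key), "accepted" if ok else "REJECTED")
```

With this layout a failover to the second server produces no warning, while a key that belongs to neither server is still rejected, and each server's private key never leaves its own machine.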
