host authentication in a cluster

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

We are having some discussions around solving client connections to
various cluster VIPs or Logical Hosts.  The cluster nodes have sshd
running on them with the host keys generated from basically the fqdn of
the individual servers.  However, clients connect to the cluster via a
floating IP for the entire complex and can connect to any node depending
on the circumstances.  If a failover occurs then the connection is
re-initiated the host key changes and you get the alert of the MITHM
attack which breaks these unattended sessions.  

One solution is to populate the known_hosts file on each client with all
the keys from each individual box + generate a key for the virtual address.

I'm sure this problem has been run into many, many times, but in reading
the ssh docs and googling I haven't seen a solution to this problem that
doesn't involve a shared known hosts file for every client!  We have
10,000 + clients so this is unmanageable!

Ideas anyone? Oh, commercial products aren't acceptable either!  We are
running both VCS and Sun Cluster and have mostly Solaris 10 sparc servers
that we are concerned with at this time.

Re: host authentication in a cluster

Why not simply use the same hostkey on all cluster nodes?

  Richard Silverman

Re: host authentication in a cluster

On Wed, 20 Dec 2006 01:10:46 -0500, Richard E. Silverman wrote:

Quoted text here. Click to load it

Yes, that's what we proposed. Customer says that didn't work, but I can't
imagine why. I'll have the cluster to test with on Friday.  Will post
results after Christmas.


Site Timeline