comp.security.ssh: SSH secure remote login and tunneling tools.
#1
Hi,
We are having some discussions around solving client connections to various cluster VIPs or Logical Hosts. The cluster nodes have sshd running on them with the host keys generated from basically the fqdn of the individual servers. However, clients connect to the cluster via a floating IP for the entire complex and can connect to any node depending on the circumstances. If a failover occurs then the connection is re-initiated, the host key changes, and you get the alert of the MITHM attack, which breaks these unattended sessions.

One solution is to populate the known_hosts file on each client with all the keys from each individual box + generate a key for the virtual address. I'm sure this problem has been run into many, many times, but in reading the ssh docs and googling I haven't seen a solution to this problem that doesn't involve a shared known hosts file for every client! We have 10,000+ clients so this is unmanageable! Ideas anyone? Oh, commercial products aren't acceptable either!

We are running both VCS and Sun Cluster and have mostly Solaris 10 sparc servers that we are concerned with at this time.
#3
On Wed, 20 Dec 2006 01:10:46 -0500, Richard E. Silverman wrote:
> > Why not simply use the same hostkey on all cluster nodes?

Yes, that's what we proposed. Customer says that didn't work, but I can't imagine why. I'll have the cluster to test with on Friday. Will post results after Christmas.

Dante
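
Added example (not part of the thread, and not code from OpenSSH or either poster): a Python check of which failover targets a client would accept under the VIP name, comparing a first-contact known_hosts, the "all node keys under the VIP" idea from post #1, and the shared host key suggested above. Host names and key blobs are constructed placeholders; hashed entries and @-marker lines are skipped.

```python
import re

def parse_known_hosts(text):
    """Return (patterns, keytype, blob) for each plain known_hosts entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|1|")):
            continue  # blank, comment, marker and hashed-name lines are out of scope
        entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries

def host_matches(patterns, host):
    """known_hosts name matching: '*' and '?' wildcards, '!' negation, case-insensitive."""
    def glob(pat):
        rx = re.escape(pat.lower()).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(rx, host.lower()) is not None
    if any(p.startswith("!") and glob(p[1:]) for p in patterns):
        return False
    return any(glob(p) for p in patterns if not p.startswith("!"))

def failover_check(known_hosts_text, vip, node_keys):
    """For each node, report whether the key it presents is accepted under the VIP name."""
    accepted = {(t, b) for pats, t, b in parse_known_hosts(known_hosts_text)
                if host_matches(pats, vip)}
    return {node: key in accepted for node, key in node_keys.items()}

# Constructed sample data: names and key blobs are placeholders, not real keys.
VIP = "cluster-vip.example.com"
KEY_A = ("ssh-rsa", "AAAAB3NzaC1yc2E.CONSTRUCTED.NODE.A")
KEY_B = ("ssh-rsa", "AAAAB3NzaC1yc2E.CONSTRUCTED.NODE.B")
KEY_SHARED = ("ssh-rsa", "AAAAB3NzaC1yc2E.CONSTRUCTED.SHARED")
PER_NODE = {"node-a": KEY_A, "node-b": KEY_B}          # each node has its own key
SHARED = {"node-a": KEY_SHARED, "node-b": KEY_SHARED}  # same key copied to every node

# Client learned the VIP's key while node-a held the address.
KH_FIRST_CONTACT = f"{VIP} {KEY_A[0]} {KEY_A[1]}\n"
# Every node key listed under the VIP name (several lines per name are permitted).
KH_ALL_KEYS = "".join(f"{VIP} {t} {b}\n" for t, b in PER_NODE.values())
# One line: the shared key, valid for the VIP and any node name.
KH_SHARED = f"{VIP},node-*.example.com {KEY_SHARED[0]} {KEY_SHARED[1]}\n"

if __name__ == "__main__":
    for label, kh, keys in (("first contact", KH_FIRST_CONTACT, PER_NODE),
                            ("all node keys", KH_ALL_KEYS, PER_NODE),
                            ("shared key", KH_SHARED, SHARED)):
        print(label, failover_check(kh, VIP, keys))
```

With the shared key, the client side needs one known_hosts line no matter how many nodes sit behind the VIP; with per-node keys, the line count grows with the cluster and every client file must change when a node is added or rekeyed.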