In my previous post I described how we setup a Ubuntu Server (12.0.4) as an OpenSSH SFTP server.

In this post I am going to describe how I have load balanced 2 SFTP servers using HAProxy.

I will assume that we have 2 sftp Ubuntu servers with IP addresses of 192.168.10.1 & 192.168.10.2

We then need to spin up a new Ubunutu server and install the HAProxy package. This new server should have 2 NICs installed, one for management of the server and another for load balancing the SSH (port 22) connection. I should note here that I am using VMWare VM's for all of this work. In this example the management IP will be 192.168.10.100 and the IP address for the load balancing will be 192.168.10.50

apt-get install haproxy

once haproxy is installed there are a few configuration changes that need to be made for this to work. The first is in /etc/ssh/sshd_config where we need to ensure the ListenAddress is set to the management IP of 192.168.10.100 - if this is left at the default of 0.0.0.0 haproxy will not be able to bind to port 22.

sudo vi /etc/ssh/sshd_config
ListenAddress 192.168.10.100     

We also need to enable haproxy so that it starts automatically by editing the file shown below and ensuring 'Enabled' is set to 1

sudo vi /etc/default/haproxy

Enabled=1

Now we need to configure haproxy, edit the /etc/haproxy/haproxy.cfg file. I do this by deleting all content of this file and replacing it with my own, delete all content and then paste in the content shown below

sudo vi /etc/haproxy/haproxy.cfg
# config needs haproxy-1.1.28 or haproxy-1.2.1

global
        maxconn 4096
        daemon
 
defaults
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000
 
listen  SSHLB 192.168.10.50:22
        mode tcp
        option tcplog
        balance roundrobin
        server  sftp01 192.168.10.1:22
        server  sftp02 192.168.10.2:22
 
At this stage I would reboot the LB server although you could probably get away with restarting haproxy and ssh.
 
Now if you make a connection to the LB address (192.168.10.50) over TCP port 22 your connection will be load balanced between the 2 servers using round robin. You will quickly see that this does not work as the 2 servers have different RSA Host Keys and once you have added a host to your known hosts file you will receive and error when this key changes i.e. when you are load balanced to another server.
 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Please contact your system administrator.
 
To overcome this issue you have to copy the private and public keys from one load balanced server to another. Copy the key files located in /etc/ssh/ and replace them in the other server. Make sure that the permissions are identical after copying as I found that this caused issues. Now both servers have the same Host Keys and the load balanced connection should operate without any issues. 
 
Please note that I am unsure if replacing these keys may cause other issues but so far the hosts appear to continue to operate normally. Further testing is required of this solution and I will update this post if any issues arise.

<wiz_tmp_tag id="wiz-table-range-border" contenteditable="false" style="display: none;">

 
 
 
 

Load Balancing OpenSSH SFTP with HAProxy的更多相关文章

  1. 【架构】How To Use HAProxy to Set Up MySQL Load Balancing

    How To Use HAProxy to Set Up MySQL Load Balancing Dec  2, 2013 MySQL, Scaling, Server Optimization U ...

  2. Installing haproxy load balancing for http and https--转载

    This example will guide you through a simple IP based load balancing solution that handles ssl traff ...

  3. 负载均衡(Load Balancing)学习笔记(二)

    概述 文章负载均衡(Load Balancing)学习笔记(一) 讲述了负载均衡的一般性原理,本文继续介绍常见的实现负载均衡的方法. HTTP重定向 HTTP重定向服务器是一台普通的Web服务器,用户 ...

  4. 负载均衡(Load Balancing)学习笔记(一)

    概述 在分布式系统中,负载均衡(Load Balancing)是一种将任务分派到多个服务端进程的方法.例如,将一个HTTP请求派发到实际的Web服务器中执行的过程就涉及负载均衡的实现.一个HTTP请求 ...

  5. Elastic Load Balancing with Sticky Sessions

    Elastic Load Balancing with Sticky Sessions — Shlomo Swidler https://shlomoswidler.com/2010/04/elast ...

  6. gRPC Load Balancing

    gRPC Load Balancing 翻译自:https://grpc.io/blog/grpc-load-balancing/ 这是gRPC负载均衡的第一篇,后续会给出基于golang XDS服务 ...

  7. CF# Educational Codeforces Round 3 C. Load Balancing

    C. Load Balancing time limit per test 2 seconds memory limit per test 256 megabytes input standard i ...

  8. Codeforces Educational Codeforces Round 3 C. Load Balancing 贪心

    C. Load Balancing 题目连接: http://www.codeforces.com/contest/609/problem/C Description In the school co ...

  9. UVA 12904 Load Balancing 暴力

    Load Balancing Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://acm.hust.edu.cn/vjudge/contest/vi ...

随机推荐

  1. java修饰符用法

    public:本类可使用,子类可使用,同一包内的类可使用,不同包内的类可使用 protected:本类可使用,子类可使用(不同包内的子类也可使用),同一包内的类可使用 default(当不写修饰符时) ...

  2. ubuntu 命令行卸载并清理软件

    1.删除软件 方法一.如果你知道要删除软件的具体名称,可以使用 sudo apt-get remove --purge 软件名称 sudo apt-get autoremove --purge 软件名 ...

  3. python中变量命名的基本规则,标识符和关键字

    变量的命名 目标 标识符和关键字 变量的命名规则 0.1 标识符和关键字 1.1 标识符 标示符就是程序员定义的 变量名.函数名 名字 需要有 见名知义 的效果,见下图:  标示符可以由 字母.下划 ...

  4. Ionic2开发环境搭建、项目创建调试与Android应用的打包、优化

    Ionic2开发环境搭建.项目创建调试与Android应用的打包.优化. windows下ionic2开发环境配置步骤如下: 下载node.js环境,稳定版本:v6.9.5 下载android stu ...

  5. 强化学习9-Deep Q Learning

    之前讲到Sarsa和Q Learning都不太适合解决大规模问题,为什么呢? 因为传统的强化学习都有一张Q表,这张Q表记录了每个状态下,每个动作的q值,但是现实问题往往极其复杂,其状态非常多,甚至是连 ...

  6. python random模块(获取随机数)

    如果要使用random模块,需要先导入 import random 1.random.random()  #用于生成一个0到1的随机浮点数 2.random.uniform(a,b)  #用于生成一个 ...

  7. Python 内置函数2

    print(list("胡辣汤")) lst = ["河南话", "四川话", "东北", "山东" ...

  8. 微软Power BI 每月功能更新系列——3月Power BI 新功能学习

    本月对Power BI Desktop 来讲是非常令人兴奋的一个月!!!以下是3月份最新的功能,下面马上带领大家看看本月的更新内容. 报表功能 报告页面工具提示(预览)  通过报告页面工具提示功能,可 ...

  9. Power BI与Tableau基于Google搜索上的比较

    在数据分析领域里,不少的数据爱好者都会关心什么数据分析产品最好用?最重要的是,很多的企业也特别希望员工能真正知道如何使用这些BI平台以确保公司的投资是值得.同类的文章,小悦也曾发布过,可参考最近< ...

  10. [转] 带你彻底理解RSA算法原理

    http://blog.csdn.net/dbs1215/article/details/48953589 1. 什么是RSA RSA算法是现今使用最广泛的公钥密码算法,也是号称地球上最安全的加密算法 ...