sshd and HA

Philip Rowlands phr at doc.ic.ac.uk
Sat Aug 9 15:50:01 CDT 2003


On Sat, 9 Aug 2003, neal elliott wrote:

>when I login to the alias ip address in the cluster using ssh and
>the prime node failes to the backup node how can I keep the connection
>to the alias ip? without having to re-login to the alias?

I doubt that you can (although I'm only guessing). The ssh connection
would be highly stateful, using ephemeral DH keys, so you'd need an ssh
daemon which cooperatively shared this state with other nodes; a
significant security risk, and not an option I've ever seen in an ssh
server.

This is true of any encrypted connection with forward secrecy. I once
saw read a paper which described a shared network session cache for SSL,
but it was not implemented (at the time). But that's not what you want.

Sorry for the unhelpful reply. Perhaps a dedicated HA mailing list would
be of more assistance.


Cheers,
Phil




More information about the Linux-PowerEdge mailing list