Adding SNI support to SSH
Nico Schottelius
nico.schottelius at ungleich.ch
Tue Jan 14 20:36:56 AEDT 2020
Peter Moody <mindrot at hda3.com> writes:
> On Mon, Jan 13, 2020 at 1:48 PM Nico Schottelius
> <nico.schottelius at ungleich.ch> wrote:
>
>> b) enabling load balancing for multi clusters
>>
>> The (b) case has 1 name per cluster, each serving multiple nodes behind
>> the name. (b) is currently solved using round robin DNS with a 60s
>> timeout. And yes, indeed all those nodes have the same host keys and
>> it needs 1 public IPv4 address per cluster.
>
> you don't need to share private keys. you just need all your bastion
> hosts to share a ValidPrincipal
Nice, thanks a lot for the details!
--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
More information about the openssh-unix-dev
mailing list