Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.os.linux.security > #652 > unrolled thread

risk of same fingerprint for ssh?

Started byBurkhard Schultheis <burkhard.schultheis@web.de>
First post2015-06-02 15:02 +0200
Last post2015-06-03 23:19 +0100
Articles 2 — 2 participants

Back to article view | Back to comp.os.linux.security


Contents

  risk of same fingerprint for ssh? Burkhard Schultheis <burkhard.schultheis@web.de> - 2015-06-02 15:02 +0200
    Re: risk of same fingerprint for ssh? Richard Kettlewell <rjk@greenend.org.uk> - 2015-06-03 23:19 +0100

#652 — risk of same fingerprint for ssh?

FromBurkhard Schultheis <burkhard.schultheis@web.de>
Date2015-06-02 15:02 +0200
Subjectrisk of same fingerprint for ssh?
Message-ID<mkk9j2$p7u$1@news.albasani.net>
We have two clusters with 3 pairs of machines, cluster A consisting of a
pair of application servers and a pair of MySQL servers, cluster B
consisting of a pair of apache tomcat servers.

Only the machines in cluster B have public IP's. Customers connect to
the primary server in Cluster B, of course. The server in Cluster B
connects to the servers in cluster A.

The 2 MySQL servers are reachable through virtual addresses for the
primary and the secondary server. Now an external server has to connect
to the secondary server via SSH. If the fingerprints for the 2 MySQL
servers are different, we have a problem, if the virtual address is
moving to the other server.

We could give both servers the same fingerprint, but is this dangerous?
If yes, why?

Thank you in advance!

Regards
Burkhard

[toc] | [next] | [standalone]


#653

FromRichard Kettlewell <rjk@greenend.org.uk>
Date2015-06-03 23:19 +0100
Message-ID<wwvpp5ccu44.fsf@l1AntVDjLrnP7Td3DQJ8ynzIq3lJMueXf87AxnpFoA.invalid>
In reply to#652
Burkhard Schultheis <burkhard.schultheis@web.de> writes:
> We have two clusters with 3 pairs of machines, cluster A consisting of a
> pair of application servers and a pair of MySQL servers, cluster B
> consisting of a pair of apache tomcat servers.
>
> Only the machines in cluster B have public IP's. Customers connect to
> the primary server in Cluster B, of course. The server in Cluster B
> connects to the servers in cluster A.
>
> The 2 MySQL servers are reachable through virtual addresses for the
> primary and the secondary server. Now an external server has to connect
> to the secondary server via SSH. If the fingerprints for the 2 MySQL
> servers are different, we have a problem, if the virtual address is
> moving to the other server.
>
> We could give both servers the same fingerprint, but is this dangerous?
> If yes, why?

If I understand your architecture right, you’re not worried about the
frontend servers being unable to distinguish the backend servers from
one another.

You might care about other clients being able to distinguish them,
however, for instance when you log in to them for management purposes.

You might be able to solve this by having multiple host keys - i.e. one
shared between the backend servers and used for access from the frontend
servers, and then one for each backend server used for management
access.

I don’t know how well this would work if they were of the same type, but
you can certainly have multiple host keys of different types with
OpenSSH, which might be good enough, depending whether you have any
requirements about key type.

-- 
http://www.greenend.org.uk/rjk/

[toc] | [prev] | [standalone]


Back to top | Article view | comp.os.linux.security


csiph-web