On Wed, Jan 30, 2013 at 9:44 AM, System Administrator <ad...@bitwise.net> wrote: > On 30 Jan 2013 at 9:29, Johan Beisser wrote: >
>> > While testing the failover and trying to ssh to a carp address I got >> > hit with the server key mismatch; hence this email. What is considered >> > best practice wrt ssh keys in a carp cluster -- install the same keys >> > on all member nodes to avoid the alerts or just live with the >> > occasional mismatch? >> >> Don't monitor SSH on the CARP address. > > Sorry, I'm not following you Do you need to be able to ssh in to the firewall(s) via the CARP addresses? If the answer is yes, share the host keys between them. Or set up a redirect for the CARP addresses that goes to an alternate sshd port from port 22. Which uses the same host keys between the systems.
