Hello Imam,

On Tue, Jan 9, 2018 at 2:30 AM, Imam Toufique <techie...@gmail.com> wrote:
>
> Hi Jonathan, and Lucas,
>
> Thanks for your replies.  With your help, I was able to get it to work
> partially.

Please always CC the mailing list though.



> frontend main *:2200
>    #bind *:22
>    default_backend sftp
>    timeout client 1h

While this works, it's causing a lot of confusion. Please do follow my
advice and DON'T specify the port in the frontend/listen line. Use the
bind directive instead.
So in this case:

> frontend main
>    bind :2200
>    default_backend sftp
>    timeout client 1h

It's much more readable like this.



> listen stats
> #bind *:22

You disabled your stats section with this configuration. Either decide
on a port, or remove it if you don't need it.



> But haproxy starts and I was able to get ssh to one of the servers.  Now I
> have a different problem where I get an ssh key fingerprint error warning and
> my connection drops.
>
> I get the error below:
>
> [vagrant@db ~]$ ssh file -p 2200
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> SHA256:MHkXThp4cSltDn0/mRsq7Se+qcDz6cz1dD+kCiyE9e0.
> Please contact your system administrator.
> Add correct host key in /home/vagrant/.ssh/known_hosts to get rid of this
> message.
> Offending ECDSA key in /home/vagrant/.ssh/known_hosts:4
> RSA host key for [file]:2200 has changed and you have requested strict
> checking.
> Host key verification failed
>
> It looks like host keys are changing, and the host key becomes unknown to
> both servers that are behind HAProxy.  What do you recommend doing in a case
> like this?

That's what happens when you load-balance between 2 different SSH
servers with a different private key. What is it that you want to
achieve in the first place?



cheers,
lukas
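
A check for the condition described in the reply above, as an added example that is not part of the original thread: it takes `ssh-keyscan`-style lines (`host keytype base64`) collected from each backend and reports the key types for which the backends present different host keys, using the same `SHA256:` fingerprint form the client prints. The host names `sftp1`/`sftp2` and the key blobs are constructed placeholders, not values from the thread.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str) -> dict:
    """Parse 'host keytype base64' lines into {keytype: {host: fingerprint}}."""
    by_type = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, keytype, b64 = line.split()[:3]
        blob = base64.b64decode(b64)
        # A public key blob begins with a length-prefixed copy of its key type.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode(errors="replace") != keytype:
            raise ValueError(f"{host}: blob does not match declared type {keytype}")
        by_type[keytype][host] = fingerprint(blob)
    return dict(by_type)


def mismatched_types(by_type: dict) -> dict:
    """Key types for which the backends do not all present the same host key."""
    return {t: fps for t, fps in by_type.items() if len(set(fps.values())) > 1}


def make_blob(keytype: str, body: bytes) -> str:
    """Constructed stand-in for a public key blob (not a usable key)."""
    raw = struct.pack(">I", len(keytype)) + keytype.encode() + body
    return base64.b64encode(raw).decode()


# Constructed sample: two backends with different RSA keys, same ED25519 key.
SAMPLE = "\n".join([
    "# constructed ssh-keyscan style output",
    f"sftp1 ssh-rsa {make_blob('ssh-rsa', b'key-material-A')}",
    f"sftp2 ssh-rsa {make_blob('ssh-rsa', b'key-material-B')}",
    f"sftp1 ssh-ed25519 {make_blob('ssh-ed25519', b'shared-key')}",
    f"sftp2 ssh-ed25519 {make_blob('ssh-ed25519', b'shared-key')}",
])

if __name__ == "__main__":
    for keytype, fps in mismatched_types(parse_keyscan(SAMPLE)).items():
        for host, fp in sorted(fps.items()):
            print(f"{keytype} differs: {host} {fp}")
```

Any key type it reports is one where a client pinned to the frontend address will see the warning quoted above whenever the balancer picks the other backend.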
