Hi Lukas, thanks again for your continued help and support! Here is my config file with updates now:

frontend main
    bind :2200
    default_backend sftp
    timeout client 5d

listen stats
    bind *:2200
    mode tcp
    maxconn 2000
    option redis-check
    retries 3
    option redispatch
    balance roundrobin

Please correct me if you see something that is not right.

You asked about my SSH/SFTP use-case. Basically, here is my use-case. I have several SFTP servers that I would like to load-balance. I was thinking about using HAProxy to load-balance SFTP connections between my SFTP servers. As I was testing my setup yesterday, sending sftp file transfers to the HAProxy node, I noticed that HAProxy node CPU usage was pretty high. I am beginning to wonder if it is the right setup for my environment. Is HAProxy the right solution for SFTP server load-balancing?

thanks

On Tue, Jan 9, 2018 at 2:12 AM, Lukas Tribus <lu...@ltri.eu> wrote:

> Hello Imam,
>
>
> On Tue, Jan 9, 2018 at 2:30 AM, Imam Toufique <techie...@gmail.com> wrote:
> >
> > Hi Jonathan, and Lukas,
> >
> > Thanks for your replies. With your help, I was able to get it to work
> > partially.
>
> Please always CC the mailing list though.
>
>
> > frontend main *:2200
> >     #bind *:22
> >     default_backend sftp
> >     timeout client 1h
>
> While this works, it's causing a lot of confusion. Please do follow my
> advice and DON'T specify the port in the frontend/listen line. Use the
> bind directive instead.
> So in this case:
>
> > frontend main
> >     bind :2200
> >     default_backend sftp
> >     timeout client 1h
>
> It's much more readable like this.
>
>
> > listen stats
> >     #bind *:22
>
> You disabled your stats section with this configuration. Either decide
> for a port, or remove it if you don't need it.
>
>
> > But haproxy starts and I was able to get ssh to one of the servers. Now I
> > have a different problem where I get a ssh key fingerprint error warning and
> > my connection drops.
> >
> > I get the error below:
> >
> > [vagrant@db ~]$ ssh file -p 2200
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> > It is also possible that a host key has just been changed.
> > The fingerprint for the RSA key sent by the remote host is
> > SHA256:MHkXThp4cSltDn0/mRsq7Se+qcDz6cz1dD+kCiyE9e0.
> > Please contact your system administrator.
> > Add correct host key in /home/vagrant/.ssh/known_hosts to get rid of this
> > message.
> > Offending ECDSA key in /home/vagrant/.ssh/known_hosts:4
> > RSA host key for [file]:2200 has changed and you have requested strict
> > checking.
> > Host key verification failed
> >
> > It looks like host keys are changing, and the host key becomes unknown to
> > both servers that are behind HAProxy. What do you recommend doing in a case
> > like this?
>
> That's what happens when you load-balance between 2 different SSH
> servers with a different private key. What is it that you want to
> achieve in the first place?
>
>
>
> cheers,
> lukas
>

--
Regards,
*Imam Toufique*
*213-700-5485*
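
The host key warning discussed in this thread appears when backends behind one balanced address present different host keys. The following is an added example, not part of the original thread or of HAProxy: it takes lines in the `host keytype base64-key` format that `ssh-keyscan` prints, computes the SHA256 fingerprint the way OpenSSH displays it, and reports each key type on which the backends disagree. The backend names `sftp1`/`sftp2` and all key material are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keyscan(text):
    """Parse 'host keytype base64' lines into {keytype: {host: fingerprint}}."""
    seen = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan writes banner comments starting with '#'
        host, keytype, blob = line.split()[:3]
        seen[keytype][host] = fingerprint(blob)
    return seen

def mismatched_key_types(text, backends):
    """Key types for which the backends do not all present the same host key."""
    bad = {}
    for keytype, by_host in parse_keyscan(text).items():
        per_backend = {h: by_host.get(h) for h in backends}  # None: type not offered
        if len(set(per_backend.values())) != 1:
            bad[keytype] = per_backend
    return bad

def constructed_blob(keytype, material):
    """Constructed stand-in for a public key blob (not a real key)."""
    kt = keytype.encode()
    raw = struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(material)) + material
    return base64.b64encode(raw).decode()

# Constructed sample: hypothetical backends sftp1/sftp2 share an ed25519 host
# key but were each installed with their own RSA host key.
BACKENDS = ["sftp1", "sftp2"]
SAMPLE = "\n".join([
    "# sftp1:22 SSH-2.0-OpenSSH (constructed)",
    "sftp1 ssh-rsa " + constructed_blob("ssh-rsa", b"\x01" * 32),
    "sftp2 ssh-rsa " + constructed_blob("ssh-rsa", b"\x02" * 32),
    "sftp1 ssh-ed25519 " + constructed_blob("ssh-ed25519", b"\x03" * 32),
    "sftp2 ssh-ed25519 " + constructed_blob("ssh-ed25519", b"\x03" * 32),
])

if __name__ == "__main__":
    print(mismatched_key_types(SAMPLE, BACKENDS))
```

A key type is also reported when only some backends offer it, since a client that pinned that type would fail verification on the others.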