Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Labels:
      None

      Description

      Load Balancing and other higher availability services are included between client and SSHD server and works on TCP level. This makes an actual client address shown in the SSHD server to be a load balancer address, not a real client address. This makes it hard to use SSHD for multi-node production scenarios.

      There are several ways to solve the issue.
      The first one is to include complex TCP routing to have specific packets delivered correctly. This is too hard to setup

      It looks like using The PROXY Protocol is the possible, easy and more or less standard way to pass actual client/server addresses to the server over TCP. The protocol is implemented by a number of TCP-based servers (including nginx, Amazon Load Balancer, Apache, github enterprise, see the link below for details)

      Protocol specification is here
      http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt

        Attachments

          Activity

            People

            • Assignee:
              lgoldstein Goldstein Lyor
              Reporter:
              jonnyzzz Eugene Petrenko
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: