Load balancing SFTP and the security of Linux server management through SSH

thetimetolearn · November 3, 2020, 7:28pm

Hi

I have a situational question regarding HAProxy and the security of the management of the server when using HAProxy to load balance SFTP servers.

With my current setup I’m running 2 ubuntu 20.04 servers. They each have their own IP and a virtual IP that floats back and forth between them with keepalived if there is a failure.

This has worked well. I’m now looking to add an SFTP cluser for HAProxy to load balance. SFTP incoming connections come in through port 22, the same port that remote management is done through ssh with. I would want to allow any IP to connect to the SFTP services but not expose the management of the my servers externally.

This could probably be solved by changing the port SSH uses, but I wanted to ask others and explore what other options there might be to solve this problem.

How have others solved this issue?

Thanks

thetimetolearn · November 3, 2020, 10:41pm

Thinking about it some more another way to solve this could be to bind the ssh.service to only the non floating IP for each server. That seems like it might be a good way to go about it.

Still interested in how others have handled this or thoughts.

Thanks again.

Topic		Replies	Views
Proxy ssh for only 1 server Help!	0	232	June 21, 2023
Loadbalance SSH connections, bind Vs Listen Help!	2	4048	November 11, 2020
Haproxy 2 network interfaces Help!	0	484	April 7, 2021
Global Load Balancing using Haproxy Help!	5	4327	May 9, 2017
Can I balance the traffic of my firewall with HAproxy? Help!	5	534	May 23, 2019

Load balancing SFTP and the security of Linux server management through SSH

Related topics