Load balancing SFTP and the security of Linux server management through SSH

thetimetolearn · November 3, 2020, 7:28pm

Hi

I have a situational question regarding HAProxy and the security of the management of the server when using HAProxy to load balance SFTP servers.

With my current setup I’m running 2 ubuntu 20.04 servers. They each have their own IP and a virtual IP that floats back and forth between them with keepalived if there is a failure.

This has worked well. I’m now looking to add an SFTP cluser for HAProxy to load balance. SFTP incoming connections come in through port 22, the same port that remote management is done through ssh with. I would want to allow any IP to connect to the SFTP services but not expose the management of the my servers externally.

This could probably be solved by changing the port SSH uses, but I wanted to ask others and explore what other options there might be to solve this problem.

How have others solved this issue?

Thanks

thetimetolearn · November 3, 2020, 10:41pm

Thinking about it some more another way to solve this could be to bind the ssh.service to only the non floating IP for each server. That seems like it might be a good way to go about it.

Still interested in how others have handled this or thoughts.

Thanks again.

Topic		Replies	Views
Proxy ssh for only 1 server Help!	0	183	June 21, 2023
Global Load Balancing using Haproxy Help!	5	3985	May 9, 2017
Can I balance the traffic of my firewall with HAproxy? Help!	5	502	May 23, 2019
Need guidance and help integrating squid with haproxy Help!	1	528	June 14, 2022
Request for comments: Load balancing between two connections to same host Help!	1	522	October 28, 2019

Load balancing SFTP and the security of Linux server management through SSH

Related Topics