I have to set up HAProxy to load-balance SFTP connections. I can get this working fine if I bind the frontend to an arbitrary port and load-balance to backend_server:22. However, I cannot do this in practice, as I cannot force users to use a new port, so I must use port 22 on my frontend, and I cannot get this config working. I have tried modifying the sshd config to listen on another address, but no luck.
Must I bind to port 22 to successfully listen on and load-balance SSH connections (can I not just bind to port xx and listen on 22?)
Must I bind to port 22 to successfully listen on and load-balance SSH connections (can I not just bind to port xx and listen on 22?)
Well, you must have a process already binding port 22; that's why HAProxy can't bind it.
Fix this.
What's the difference between listen and bind?
A listen is a combination of two proxies: a client-side proxy (frontend) and a server-side proxy (backend).
A bind belongs to the frontend and tells HAProxy which IP and port it should collect traffic from.
Add a secondary IP to your NIC (figure out yourself how to; it depends on your flavor).
Tell the SSH daemon to listen only on the primary IP:
Edit /etc/ssh/sshd_config:
Port 22
ListenAddress [NIC Primary IP]
(don't forget to restart the SSH daemon: 'service ssh restart')
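Putting the steps above together, here is an added example haproxy.cfg (not posted in this thread) for the resulting layout. It assumes placeholder addresses: 192.0.2.1 is the primary IP that the local sshd keeps via ListenAddress, 192.0.2.10 is the secondary IP that HAProxy binds on port 22, and 192.0.2.21/192.0.2.22 are the backend SFTP servers.

```haproxy
# /etc/haproxy/haproxy.cfg  (added example; all addresses are placeholders)
# Local sshd is restricted to ListenAddress 192.0.2.1, so 192.0.2.10:22 is free.
global
    log /dev/log local0
    user  haproxy
    group haproxy

defaults
    mode    tcp            # SSH/SFTP is opaque TCP; never use mode http here
    option  tcplog         # log client IP, backend chosen and connection duration
    timeout connect 5s
    timeout client  1h     # long idle SFTP sessions; tune to your session policy
    timeout server  1h

frontend sftp_in
    bind 192.0.2.10:22     # secondary IP only; do not use *:22 or sshd and HAProxy collide
    default_backend sftp_nodes

backend sftp_nodes
    balance roundrobin     # one SFTP session is one TCP connection, so no stickiness needed
    option tcp-check
    tcp-check expect string SSH-2.0-   # health check: expect the SSH banner, not just a TCP open
    server sftp1 192.0.2.21:22 check
    server sftp2 192.0.2.22:22 check
```

Validate with `haproxy -c -f /etc/haproxy/haproxy.cfg` and confirm with `ss -ltnp` that sshd holds 192.0.2.1:22 and HAProxy holds 192.0.2.10:22. Because HAProxy only forwards the TCP stream, every backend must present the same SSH host key or clients will see host-key mismatch warnings, and the backend sshd logs will show HAProxy's IP as the source, so keep the HAProxy tcplog as your record of the real client address.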