Details
-
New Feature
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
Load Balancing and other higher availability services are included between client and SSHD server and works on TCP level. This makes an actual client address shown in the SSHD server to be a load balancer address, not a real client address. This makes it hard to use SSHD for multi-node production scenarios.
There are several ways to solve the issue.
The first one is to include complex TCP routing to have specific packets delivered correctly. This is too hard to setup
It looks like using The PROXY Protocol is the possible, easy and more or less standard way to pass actual client/server addresses to the server over TCP. The protocol is implemented by a number of TCP-based servers (including nginx, Amazon Load Balancer, Apache, github enterprise, see the link below for details)
Protocol specification is here
http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt