Topic "Using WinSCP against Clustered servers"

leonhardtk

Guest


I have a problem, which we're trying to resolve.

I have a server, running the OpenSSH daemon (sshd) in a Unix environment. My server is actually a three-node cluster. This means I have a hostname (Digiport), which points to one of three active servers. To the remote client, the Digiport cluster is the only hostname they know. They may actually point to either digiport1, digiport2 or digiport3, each with its own "hostkey". The problem the clients experience is that if their key was initialized on digiport1, and we fail over to digiport3, the users get an error that warns them of the different key for digiport.

Manually you can accept the new key, and assume the risk yourself. The developers of the application using WinSCP to SFTP to the digiport server want to automate this, and assume the risk for DIGIPORT, as this is all "scripted" behind the scenes. The users are not aware of the technical process, and shouldn't have to acknowledge anything. There is a security document that explains the technical portion, but the users do not need to be part of the process.

The question:

How can the user have three separate keys for one set of clustered servers? Or:
How can the script automatically accept the new key, without being prompted?

Please advise soonest to:

leonhark@stratcom.mil or
(402) 232-4971.

Thanks,

Kevin S. Leonhardt
martin
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
leonhardtk wrote:
How can the user have three separate keys for one set of clustered servers?

Not yet, but it is on the TODO list.
Quote:
How can the script automatically accept the new key, without being prompted?

You cannot. And it is not planned as it is not a good idea at all.
_________________
Martin Prikryl
leonhardtk

Guest


Quote:
How can the script automatically accept the new key, without being prompted?

Quote:
You cannot. And it is not planned as it is not a good idea at all.


I certainly understand the "risks", especially with spoofing, etc. I guess I wanted an "easy" fix, as we are on a classified, "low" risk network. In this environment, we can accept more risk than, say, on the Unclassified environment. On the other hand, if we invalidate all the built-in security, why bother with SSH? Point taken.

Do you have an estimated time-frame, version you expect the "clustered environment" will be incorporated?

Thanks for your assistance,

Kevin S. Leonhardt
martin
Site Admin
leonhardtk wrote:
Do you have an estimated time-frame, version you expect the "clustered environment" will be incorporated?

Sorry, I would not dare to give any schedule :(
_________________
Martin Prikryl
martin
Site Admin
This feature has been implemented already. It will be included in the next major release.
_________________
Martin Prikryl
tong

Guest


How can I have three separate keys for one set of clustered servers?

Is it possible with the current WinSCP version?
martin
Site Admin
tong wrote:
How can I have three separate keys for one set of clustered servers?

Is it possible with the current WinSCP version?

Yes.
_________________
Martin Prikryl
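
Added example, not part of the original thread and not WinSCP code: the approach the thread settles on instead of auto-accepting a changed key, which is to pin all three node keys under the one cluster hostname and reject anything else. The known_hosts-style input, the key blobs and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_pins(known_hosts_text: str) -> dict:
    """Map each hostname to the set of (key type, fingerprint) pairs listed for it."""
    pins = {}
    for line in known_hosts_text.splitlines():
        line = line.strip()
        # Comments, @markers and hashed (|1|...) host entries are out of scope here.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, key_b64 = fields[:3]
        for host in hosts.split(","):
            pins.setdefault(host.lower(), set()).add((key_type, fingerprint(key_b64)))
    return pins


def host_key_trusted(pins: dict, host: str, key_type: str, key_b64: str) -> bool:
    """True only if the presented key is already pinned for this host.
    An unknown key is rejected, never learned automatically."""
    presented = fingerprint(key_b64)
    return any(kt == key_type and hmac.compare_digest(fp, presented)
               for kt, fp in pins.get(host.lower(), ()))


def sample_blob(label: str) -> str:
    # Constructed stand-in for a public key blob; not a real host key.
    return base64.b64encode(label.encode()).decode()


# Constructed sample: one cluster name, three pinned node keys.
SAMPLE_KNOWN_HOSTS = "\n".join(
    f"digiport ssh-ed25519 {sample_blob(node + '-hostkey')}"
    for node in ("digiport1", "digiport2", "digiport3"))
PINS = load_pins(SAMPLE_KNOWN_HOSTS)

if __name__ == "__main__":
    for label in ("digiport1-hostkey", "digiport3-hostkey", "unpinned-hostkey"):
        ok = host_key_trusted(PINS, "digiport", "ssh-ed25519", sample_blob(label))
        print(label, "->", "accept" if ok else "reject")
```

With all three keys pinned, a failover from digiport1 to digiport3 passes verification without a prompt, while a key that was never pinned still fails.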