1

I have been looking for a solution that allows one to migrate an ssh session from one Linux box to another. I prefer an open source or free solution, but I can't even find a commercial solution either. I suspect this is not possible because an ssh session is closely tied to tty, port, and such.

Basically I have a setup that utilizes haproxy with keepalived, which hands over an incoming ssh connection to one Linux box in a pool of Linux boxes (hosts), with haproxy still acting as the reverse proxy / load balancer, which doesn't allow direct connection from the ssh client to the ssh server (I read elsewhere this is possible). But in case of a failure of a Linux box, there is no way to migrate ssh sessions on said Linux box to one of the survivors.

Certainly the user can try to reconnect and would get a new ssh session but this is not what our users want.

Does anybody have a solution?

ks2000
  • Do they want unicorns too? That might be easier. – Michael Hampton Oct 08 '15 at 20:25
  • Quite easy, really. Well, if you don't mind a solution that breaks everything else. Set up a virtualization cluster (I'm partial to xenserver), install a linux guest in HA mode, and you can migrate the guest, including its ssh session, between the boxes. I guess that's not the solution you're looking for. – Dani_l Oct 08 '15 at 21:07
  • Depending on your setup, virtualization might be an overall solution - set up enough guests for load balancing, all of them HA, on enough boxes to allow for any single box failure without overcommitments, and you might be golden. – Dani_l Oct 08 '15 at 21:11
  • I have set up something similar in the past but the issue remains that when I have to, for example, upgrade (and reboot) the kernel on a box that has ssh sessions, I still have to terminate those ssh sessions and that turned out to be unpopular. Somebody then recommended an upcoming ksplice/kpatch but that's years down the road and doesn't solve the issue with being able to migrate an ssh session. – ks2000 Oct 09 '15 at 19:50

1 Answer

-1

Maybe, just maybe you can do this with heartbeat on Linux. It works for other stuff... I've done it with NFS. Though it makes me wonder if there would be an issue because of the encryption, since the client would fail over to a different daemon and maybe both systems wouldn't trust each other. Maybe if it was an unencrypted protocol, like rsh/rlogin.

I wrote a document way back that explains some of the heartbeat setup, though the document is related to HA NFS. Maybe you can get something from it.

https://www.howtoforge.com/high-availability-nfs-with-drbd-plus-heartbeat

http://linux-ha.org/wiki/Heartbeat

Someone else asked this before and the answer was sort of the same:

Failover/redundant SSH

Ryan Babchishin