
Cross region TCP proxy internal load balancer

Hello everyone,

I have deployed a cross-region TCP proxy internal load balancer with a front end for every region. Whenever I hit my LB endpoint, it resolves to both front-end IPs, and when it changes to an IP other than the initial one I get the error "host key identification has changed".

Can someone please help me mitigate this error?


Hi @NaveenKota,

Welcome to Google Cloud Community!

This mismatch happens when the host key in the ~/.ssh/known_hosts file doesn't match the VM's host key. See Host key does not match.

Also, when an IP address changes or a machine is reinstalled or reimaged, a new SSH host key is generated. The old known key needs to be removed from the known_hosts file.

This documentation provides steps to remove all keys from known_hosts for gLinux & macOS, gWindows, and Secure Shell users.

For further reference, you can check this publicly available related forum.

A similar thread can be found on another forum.

Let me know if this helps.

Hi @princesslyca ,

Thanks for the insights. Let's suppose my LB endpoint is example.com. When I hit that endpoint, it resolves to the load balancer front-end IP. The first time, it prompts me to accept the host key for the front-end IP that it hits, and if it then resolves to another IP I get this error. Also, I don't have access to those front-end servers, as they are managed by GCP.

The issue of load balancing SSH sessions is very old and well known. What you see is the intended behaviour of the SSH implementation. The SSH client stores the mapping of the host IP/name to the host key (which is unique for each host). Every time the client sees a change in the mapping, it assumes something must have changed and complains. Your options are:

  • disabling the key verification (see StrictHostKeyChecking)
  • sharing the host key between all servers (please note: host key, not client key, which you are probably doing already)
  • trying to add multiple host keys to the known_hosts file on the client
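
An added example, not part of any reply above: a simplified Python model of the known_hosts lookup, showing why a second backend's key is reported as changed when one key is pinned for example.com and accepted once both keys are pinned. The function names and key blobs are constructed for illustration; only exact and hashed host fields are handled (no wildcard patterns), and marker lines are skipped.

```python
import base64
import hashlib
import hmac

# Constructed sample data: these blobs are placeholders, not real host keys.
KEY_A = base64.b64encode(b"constructed-host-key-backend-a").decode()
KEY_B = base64.b64encode(b"constructed-host-key-backend-b").decode()
KEY_C = base64.b64encode(b"constructed-host-key-unknown").decode()

def hash_host(host, salt):
    """Build a hashed known_hosts host field: |1|salt|HMAC-SHA1(salt, host)."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def host_field_matches(field, host):
    """True if a known_hosts host field names `host` (exact or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), host.encode(),
                            hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(hash_b64))
    return host in field.split(",")

def pinned_keys(known_hosts_text, host):
    """Return the set of (keytype, key) pairs pinned for `host`."""
    keys = set()
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if host_field_matches(parts[0], host):
            keys.add((parts[1], parts[2]))
    return keys

def check(known_hosts_text, host, keytype, key):
    """Classify a presented host key: 'match', 'changed' or 'unknown'."""
    same_type = {k for t, k in pinned_keys(known_hosts_text, host)
                 if t == keytype}
    if key in same_type:
        return "match"
    # A different key of the same type is pinned: this is the reported error.
    return "changed" if same_type else "unknown"

# Constructed known_hosts contents: one pinned key, then both backends' keys.
SINGLE = "example.com ssh-ed25519 %s\n" % KEY_A
BOTH = SINGLE + "%s ssh-ed25519 %s\n" % (
    hash_host("example.com", b"constructed-salt"), KEY_B)
```

With `BOTH`, a key that belongs to neither backend is still classified as changed, which is the protection that disabling host key verification gives up.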