Load balancer for SSH connections

0

I set up a Git server hosted on an EC2 instance. I used an ALB for it to use my certificate and domain. For HTTP/S connections it used the domain; however, I cannot do the same with SSH. It still uses the Elastic IP for connections.

  • Git clone using HTTPS: git clone https://my.domain.com/username/myrepository.git
  • Git clone using SSH: git clone git@ec2-54-146-90-61.compute-1.amazonaws.com:username/myrepository.git

Is there a way for both connections to use my domain? Furthermore, when multiple users use SSH, some got a connection timeout. I would appreciate any advice.

Vince
asked 9 months ago, 2595 views
2 Answers
2

Should the client's requests to Git be load balanced to the same server regardless of service, I mean HTTPS and SSH? Then I don't think you could find the solution in AWS-native services. You could use third-party solutions like F5 or NSX-ALB (AVI).

If it's OK to load balance SSH and HTTPS to different target servers, you could consider using NLB instead of ALB.

V
answered 9 months ago
  • V. Thank you for the insight. Is it possible that I just "clone" my current instance and then use it as targets for both HTTPS and SSH in NLB? I haven't tried NLB yet that's why I am not familiar.

1

Hello.
The only protocols that can be used with ALB are HTTP or HTTPS.
So SSH cannot be used.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-configuration

When using SSH, it is better to use NLB or set up a domain on EC2.
If you set up a domain on EC2, you may want to use a free certificate such as Let's Encrypt for issuing SSL certificates.

The error that occurs when multiple users connect via SSH may be due to Linux or SSH session limitations.
If it is an SSH error, check "/var/log/syslog" or "/var/log/secure" to see if any logs have appeared.

EXPERT
answered 9 months ago
AWS EXPERT
reviewed 9 months ago
EXPERT Steve_M
reviewed 9 months ago
  • The error that occurs when multiple users connect via SSH may be due to Linux or SSH session limitations.

    Yes, check MaxSessions in /etc/ssh/sshd_config:

         MaxSessions
                 Specifies the maximum number of open shell, login or
                 subsystem (e.g. sftp) sessions permitted per network
                 connection.
    
  • Thank you for your answers. I was able to get a better understanding. In that case, what would be a realistic value for MaxSessions? Currently, I am using a t3.medium instance; should I use a more "powerful" instance to accommodate, let's say, 150 sessions?

  • Thank you for your reply. MaxSessions for sshd is 10 by default. I think t3.medium can withstand about 150 simultaneous connections.

  • Yes, NLB is the only way to go for SSH load-balancing. Have a look at this article to see the differences in detail.

    https://medium.com/awesome-cloud/aws-difference-between-application-load-balancer-and-network-load-balancer-cb8b6cd296a4
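
As an added example that is not part of the original thread: a CloudFormation template for the NLB setup the answers point to, with a TCP listener for SSH and a TLS listener for HTTPS in front of the same instance, plus a DNS alias so both use the domain. The resource and parameter names, Route 53 as the DNS host, and port 80 as the Git web service's port on the instance are assumptions.

```yaml
# Constructed example, not from the thread. Assumes Route 53 hosts the zone
# and the Git web service listens on port 80 on the instance.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  GitInstanceId: {Type: "AWS::EC2::Instance::Id"}
  CertificateArn: {Type: String}   # ACM certificate covering my.domain.com
  HostedZoneId: {Type: "AWS::Route53::HostedZone::Id"}
Resources:
  GitNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: {Type: network, Scheme: internet-facing, Subnets: {Ref: SubnetIds}}
  SshTargets:   # plain TCP: the SSH session still terminates at sshd on the instance
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: {Ref: VpcId}
      Protocol: TCP
      Port: 22
      Targets: [{Id: {Ref: GitInstanceId}}]
  WebTargets:   # TLS ends at the NLB, traffic is forwarded to the assumed port 80
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: {Ref: VpcId}
      Protocol: TCP
      Port: 80
      Targets: [{Id: {Ref: GitInstanceId}}]
  SshListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: {Ref: GitNlb}
      Protocol: TCP
      Port: 22
      DefaultActions: [{Type: forward, TargetGroupArn: {Ref: SshTargets}}]
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: {Ref: GitNlb}
      Protocol: TLS
      Port: 443
      Certificates: [{CertificateArn: {Ref: CertificateArn}}]
      DefaultActions: [{Type: forward, TargetGroupArn: {Ref: WebTargets}}]
  DomainAlias:  # both git-over-HTTPS and git-over-SSH resolve to the NLB
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: {Ref: HostedZoneId}
      Name: my.domain.com
      Type: A
      AliasTarget:
        DNSName: {"Fn::GetAtt": [GitNlb, DNSName]}
        HostedZoneId: {"Fn::GetAtt": [GitNlb, CanonicalHostedZoneID]}
```

With the alias in place, `git clone git@my.domain.com:username/myrepository.git` reaches sshd through the TCP listener. Because that listener passes TCP through unchanged, SSH host-key verification and user authentication are still performed by sshd on the instance.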
