- Newest
- Most votes
- Most comments
Client's request to GIT should load balanced to same server regardless of service, I mean HTTPS and SSH ? Than i dont think you could find the sollution from AWS native. You could use 3rd party sollutions like F5, NSX-ALB(AVI).
If its ok to load balance SSH and HTTPS to different target servers, you could consider using NLB instead of ALB.
Hello.
The only protocols that can be used with ALB are HTTP or HTTPS.
So SSH cannot be used.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-configuration
When using SSH, it is better to use NLB or set up a domain on EC2.
If you set up a domain on EC2, you may want to use a free certificate such as Let's Encrypto for issuing SSL certificates.
The error that occurs when multiple users connect via SSH may be due to Linux or SSH session limitations.
If it is an SSH error, check "/var/log/syslog" or "/var/log/secure" to see if any logs have appeared.
The error that occurs when multiple users connect via SSH may be due to Linux or SSH session limitations.
Yes, check MaxSessions in /etc/ssh/sshd_config:
MaxSessions Specifies the maximum number of open shell, login or subsystem (e.g. sftp) sessions permitted per network connection.
Thank you for your answers. I was able to have better understanding. In that case, what would be the realistic value for
MaxSessions
? Currently, I am using t3.medium instance, should I use a more "powerful" instance to accommodate, let's say 150 sessions?Thank you for your reply. MaxSessions for sshd is 10 by default. I think t3.medium can withstand about 150 simultaneous connections.
Yes, NLB is the only way to go for SSH load-balancing. Have a look at this article to see differences in details.
Relevant content
- asked 2 months ago
- Accepted Answerasked 2 months ago
- Accepted Answerasked 9 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
V. Thank you for the insight. Is it possible that I just "clone" my current instance and then use it as targets for both HTTPS and SSH in NLB? I haven't tried NLB yet that's why I am not familiar.