On Wed, Jan 30, 2013 at 8:56 AM, System Administrator <ad...@bitwise.net> wrote: > I finally got to deploy a CARP firewall cluster (HA failover for now). > Using only the official OpenBSD.org documentation, everything went very > smoothly even though the setup is not quite trivial (14 carp addresses > on 6 active interfaces). I even got system replication going using > rdist(1). > > While testing the failover and trying to ssh to a carp address I got > hit with the server key mismatch; hence this email. What is considered > best practice wrt ssh keys in a carp cluster -- install the same keys > on all member nodes to avoid the alerts or just live with the > occasional mismatch?
Don't monitor SSH on the CARP address.
