Clarify copying host keys using HA GitLab w/ Load Balancer
The HA documentation on configuring additional application servers behind a load balancer lists step 3 (configure host keys) as optional:
Optional Configure host keys. Copy all contents(primary and public keys) inside /etc/ssh/ on the primary application server to /etc/ssh on all secondary servers. This prevents false man-in-the-middle-attack alerts when accessing servers in your High Availability cluster behind a load balancer.
If ssh
client is using StrictChecking
mode, not having host keys copied and configured will result in failure after receiving the man-in-the-middle-warning.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I propose either:
- replacing "Optional" with "Recommended"
- providing alternative options or workarounds