I finally got to deploy a CARP firewall cluster (HA failover for now). Using only the official OpenBSD.org documentation, everything went very smoothly even though the setup is not quite trivial (14 carp addresses on 6 active interfaces). I even got system replication going using rdist(1).
While testing the failover and trying to ssh to a carp address I got hit with the server key mismatch; hence this email. What is considered best practice wrt ssh keys in a carp cluster -- install the same keys on all member nodes to avoid the alerts or just live with the occasional mismatch? Thanks in advance. OpenBSD 5.2-stable (GENERIC.MP) #0: Tue Jan 1 19:44:42 EST 2013
