3.4p1 ssh-agent auth-retry patch available: was: Re: Updated ssh-agent authentication retry patch available

Kevin Currie kcurrie at cisco.com
Wed Aug 21 02:57:48 EST 2002

Hash: SHA1

Jos Backus wrote:

| That's what I thought as well, and so we racked it up to 256 (I think even
| higher - not sure what the maximum listen queue depth is on Solaris). But it
| did not work well enough (sorry, don't remember the details), hence this patch
| which is part of our standard distribution at work. We have a perl script
| which is used to routinely update hundreds of machines with a single command,
| and it works very well with this patch.

	Even with this patch it still doesn't scale to the extent that
we'd like.  I routinely run commands on ~8-10K hosts and it takes too
long to complete the runs.  We've hacked around this by writing some
tools that launch 10 ssh-agents, and then command wrappers around
ssh/scp/etc that randomly connect to one of the agents for authentication.
By doing it this way, we are able to run hundreds of concurrent sessions with
out getting "permission denied" messages.
	It would be nice if this type of thing was not required in the
future :-)

- --
~ Kevin Currie          |        |          |       |
~ SysAdmin/ECS Security |      .|||.      .|||.     |	  Email:
~ Cisco Systems         | ..:|||||||:...:|||||||:.. | kcurrie(at)cisco.com
~ Austin, Texas         |---------------------------|
~~~~~~~~GPG/PGP public key: https://undertow.2y.net/kcurrie.pub~~~~~~~~~~

Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the openssh-unix-dev mailing list