3.4p1 ssh-agent auth-retry patch available: was: Re: Updated ssh-agent authentication retry patch available

Kevin Currie kcurrie at cisco.com
Wed Aug 21 02:57:48 EST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jos Backus wrote:

| That's what I thought as well, and so we racked it up to 256 (I think even
| higher - not sure what the maximum listen queue depth is on Solaris). But it
| did not work well enough (sorry, don't remember the details), hence this patch
| which is part of our standard distribution at work. We have a perl script
| which is used to routinely update hundreds of machines with a single command,
| and it works very well with this patch.

	Even with this patch it still doesn't scale to the extent that
we'd like.  I routinely run commands on ~8-10K hosts and it takes too
long to complete the runs.  We've hacked around this by writing some
tools that launch 10 ssh-agents, and then command wrappers around
ssh/scp/etc that randomly connect to one of the agents for authentication.
By doing it this way, we are able to run hundreds of concurrent sessions
without getting "permission denied" messages.
	It would be nice if this type of thing was not required in the
future :-)


- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Kevin Currie          |        |          |       |
~ SysAdmin/ECS Security |      .|||.      .|||.     |	  Email:
~ Cisco Systems         | ..:|||||||:...:|||||||:.. | kcurrie(at)cisco.com
~ Austin, Texas         |---------------------------|
~~~~~~~~GPG/PGP public key: https://undertow.2y.net/kcurrie.pub~~~~~~~~~~


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9YnUMPt/WS5aO4BwRAlA+AKDgnzphTSEa07irtGJH1zVE45tDqACdGSOP
2Zh4qRdQzRoqelsj+S6Oka8=
=E6xn
-----END PGP SIGNATURE-----
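
The workaround described in the message above (several ssh-agents, with wrappers that pick one at random per connection) could look like the sketch below. It is an added example, not the tools the poster refers to; POOL_DIR and the function names are assumptions, and it relies only on ssh-agent's -a and -s options and a plain ssh-add.

```shell
#!/bin/sh
# Pool of ssh-agents plus a wrapper that picks one at random per command.
# POOL_DIR and all function names are assumptions made for this example.
POOL_DIR="${POOL_DIR:-$HOME/.ssh/agent-pool}"

# Start $1 agents (default 10), one socket each, and load the default keys.
# The body is a subshell so umask and SSH_AUTH_SOCK do not leak to the caller.
pool_start() (
    n="${1:-10}"
    umask 077                           # sockets and pid files: owner only
    mkdir -p "$POOL_DIR" && chmod 700 "$POOL_DIR" || exit 1
    i=0
    while [ "$i" -lt "$n" ]; do
        sock="$POOL_DIR/agent.$i.sock"
        rm -f "$sock"
        out=$(ssh-agent -s -a "$sock") || exit 1   # -a: bind to this socket
        eval "$out" >/dev/null
        echo "$SSH_AGENT_PID" > "$POOL_DIR/agent.$i.pid"
        ssh-add || exit 1               # prompts once per agent if key is encrypted
        i=$((i + 1))
    done
)

# Print one of the arguments, chosen with 16 bits from /dev/urandom.
# A time-seeded generator would give the same pick to every wrapper
# launched within the same second, defeating the load spreading.
pick_random() {
    [ "$#" -gt 0 ] || return 1
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    shift $(( ${r:-0} % $# ))
    printf '%s\n' "$1"
}

# Print the path of a randomly chosen agent socket; skip anything in
# POOL_DIR that is not actually a socket (stale or tampered entries).
pool_pick() {
    set --
    for s in "$POOL_DIR"/agent.*.sock; do
        if [ -S "$s" ]; then set -- "$@" "$s"; fi
    done
    pick_random "$@"
}

# Wrapper: pool_run ssh host cmd, pool_run scp file host:path, ...
pool_run() {
    sock=$(pool_pick) || { echo "no live agent in $POOL_DIR" >&2; return 1; }
    SSH_AUTH_SOCK="$sock" "$@"
}

# Kill every agent in the pool and remove its socket and pid file.
pool_stop() {
    for p in "$POOL_DIR"/agent.*.pid; do
        [ -f "$p" ] && kill "$(cat "$p")" 2>/dev/null
        rm -f "$p" "${p%.pid}.sock"
    done
}
```

Every agent in the pool holds the same decrypted keys, so the pool directory needs the same protection as a single agent socket, and pool_stop should run when the batch finishes.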




More information about the openssh-unix-dev mailing list