Interest in ssh-agent connection retry patch?

Jos Backus josb at cncdsl.com
Sun Jan 27 14:22:09 EST 2002


On Sat, Jan 26, 2002 at 06:56:03PM -0800, Jos Backus wrote:
> On Sat, Jan 26, 2002 at 04:32:57PM -0800, Dan Kaminsky wrote:
> > Why is SSH failing to communicate with the agent?
> 
> Because ssh-agent can only serve so many connections in a given time period.
> We start between 50-100 ssh sessions within a short time period, and they all
> race to connect to the agent socket. Some of these ssh processes fail so they
> have to back off and retry. We could also have put the retry mechanism in the
> tool but in our case it seemed to make more sense to put this functionality in
> ssh.

To elaborate on this some more: by putting this functionality inside ssh this
type of ssh session failure is hidden from the tool in virtually all cases,
reducing the complexity of the tool and making the tool's output easier to
analyze by a human operator. Before adding this feature we were seeing lots of
``Permission denied'' errors, some of them caused by that particular ssh
session's inability to communicate with the agent, others by (say) genuine
misconfiguration of the remote host involved. It wasn't always easy to discern
between the various failure modes and this would cause our operators to have
to do more work.

-- 
Jos Backus                 _/  _/_/_/        Santa Clara, CA
                          _/  _/   _/
                         _/  _/_/_/             
                    _/  _/  _/    _/
josb at cncdsl.com     _/_/   _/_/_/            use Std::Disclaimer;
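
The retry behaviour discussed in this message, sketched as an added example; it is not part of the original post and is not the patch under discussion. The names `agent_connect_retry` and `transient`, the doubling delay, and the set of errno values treated as "agent busy" are assumptions made for illustration.

```c
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Assumption: these errno values mean "agent busy", so retrying can help. */
static int transient(int e)
{
    return e == ECONNREFUSED || e == EAGAIN || e == EINTR;
}

/*
 * Connect to the agent's UNIX-domain socket at `path`, retrying transient
 * failures with a doubling delay that starts at base_ms milliseconds.
 * Returns a connected fd, or -1 with errno set. *tries_out reports the
 * attempts made, so "agent busy" can be logged apart from other failures.
 */
int agent_connect_retry(const char *path, int max_tries, int base_ms, int *tries_out)
{
    struct sockaddr_un sa;
    int fd, saved, i, ms = base_ms;

    *tries_out = 0;
    if (strlen(path) >= sizeof(sa.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);          /* length checked above */

    for (i = 1; i <= max_tries; i++) {
        *tries_out = i;
        if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
            return -1;
        if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
            return fd;
        saved = errno;
        close(fd);
        errno = saved;                  /* close() may have changed errno */
        if (!transient(saved) || i == max_tries)
            return -1;                  /* permanent error or out of tries */
        poll(NULL, 0, ms);              /* sleep for ms milliseconds */
        ms *= 2;
    }
    errno = EINVAL;                     /* max_tries was less than 1 */
    return -1;
}
```

A caller would pass the value of `SSH_AUTH_SOCK` as `path`; a missing socket path fails on the first attempt rather than being retried.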



More information about the openssh-unix-dev mailing list