Interest in ssh-agent connection retry patch?

Dan Kaminsky dan at doxpara.com
Sun Jan 27 14:34:46 EST 2002


> On Sat, Jan 26, 2002 at 04:32:57PM -0800, Dan Kaminsky wrote:
> > Why is SSH failing to communicate with the agent?
>
> Because ssh-agent can only serve so many connections in a given time period.
> We start between 50-100 ssh sessions within a short time period, and they all
> race to connect to the agent socket. Some of these ssh processes fail so they
> have to back off and retry. We could also have put the retry mechanism in the
> tool but in our case it seemed to make more sense to put this functionality in
> ssh.

Hmmm.  This is a problem with file-oriented sockets, isn't it -- each
connection blocks, because everyone's sharing the same socket.

In return, however, we do get per-user authentication, which we *wouldn't*
have with a loopback mechanism.

I don't know enough about socket level work to know if non-blocking/select()
style loops could be applied to serve greater numbers of SSH clients --
distaste for sockets drove me to libnet/libpcap :-)  But although your
connection-retry solution is better than flat out failing, in the long term
it'd be very good for the agent to be able to support more clients.

--Dan
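
A client-side sketch of the back-off-and-retry idea discussed in this thread, as an added example that is not part of the original message and is not the patch under discussion. The names `connect_with_retry`, `owned_socket` and `RETRYABLE` are hypothetical, and the set of errors treated as transient is an assumption. The ownership check reflects the per-user property of file-based sockets mentioned above.

```python
import errno
import os
import random
import socket
import stat
import time

# Errors taken to mean "listener busy or not ready yet" (assumed set).
RETRYABLE = {errno.ECONNREFUSED, errno.EAGAIN}


def owned_socket(path):
    """True if path is a Unix-domain socket owned by the calling user."""
    st = os.stat(path)
    return stat.S_ISSOCK(st.st_mode) and st.st_uid == os.geteuid()


def connect_with_retry(path, attempts=5, base_delay=0.05, sleep=time.sleep):
    """Connect to a Unix-domain socket, backing off on transient failures.

    Returns (connected_socket, tries_used). Raises the last OSError when
    every attempt fails or the error is not in RETRYABLE.
    """
    # Refuse to talk to a socket that some other user created.
    if not owned_socket(path):
        raise PermissionError(f"{path}: not a socket owned by this user")
    for attempt in range(1, attempts + 1):
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            s.connect(path)
            return s, attempt
        except OSError as e:
            s.close()
            if e.errno not in RETRYABLE or attempt == attempts:
                raise
        # Exponential backoff with jitter, so that many clients started
        # together do not all retry at the same instant.
        delay = base_delay * (2 ** (attempt - 1))
        sleep(delay * random.uniform(0.5, 1.5))
```

The `sleep` parameter exists so the backoff schedule can be observed or replaced in tests without real waiting.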





More information about the openssh-unix-dev mailing list