Interest in ssh-agent connection retry patch?

Jos Backus josb at cncdsl.com
Sun Jan 27 14:55:42 EST 2002


On Sat, Jan 26, 2002 at 07:34:46PM -0800, Dan Kaminsky wrote:
> Hmmm.  This is a problem with file-oriented sockets, isn't it -- each
> connection blocks, because everyone's sharing the same socket.

The first ssh processes will block, waiting in the ssh-agent's listen() queue;
subsequent ssh processes get ECONNREFUSED. First I tried increasing the
listen() queue in ssh-agent, but that didn't really help much, and it's not
very portable (I have heard that there are UNIX versions which ignore any
value greater than 5).

> In return, however, we do get per-user authentication, which we *wouldn't*
> have with a loopback mechanism.
> 
> I don't know enough about socket level work to know if non-blocking/select()
> style loops could be applied to serve greater numbers of SSH clients --
> distaste for sockets drove me to libnet/libpcap :-)  But although your
> connection-retry solution is better than flat out failing, in the long term
> it'd be very good for the agent to be able to support more clients.

Yup.

-- 
Jos Backus                 _/  _/_/_/        Santa Clara, CA
                          _/  _/   _/
                         _/  _/_/_/             
                    _/  _/  _/    _/
josb at cncdsl.com     _/_/   _/_/_/            use Std::Disclaimer;
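
Added example (not part of the original message and not the patch under discussion): a client-side retry of the kind the thread describes, in C, reconnecting to the agent's UNIX-domain socket only when connect() fails with ECONNREFUSED and backing off between attempts. The function name, retry budget and delays are assumptions; the socket path is read from SSH_AUTH_SOCK.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Added example (hypothetical helper). Retry connect() to a UNIX-domain socket
 * only on ECONNREFUSED; returns a connected fd or -1 with errno set.
 * *tries (optional) receives the number of connect() calls made. */
int connect_unix_retry(const char *path, int max_tries, int delay_ms, int *tries)
{
    struct sockaddr_un sa;
    int n = 0, fd = -1, err = EINVAL;

    if (strlen(path) >= sizeof(sa.sun_path)) { err = ENAMETOOLONG; max_tries = 0; }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);

    while (n < max_tries) {
        if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { err = errno; break; }
        n++;
        if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) break;
        err = errno;
        close(fd);       /* a socket that failed connect() is not reused */
        fd = -1;
        /* ENOENT, EACCES etc. will not fix themselves; stop when budget is spent */
        if (err != ECONNREFUSED || n == max_tries) break;
        poll(NULL, 0, delay_ms);   /* sleep without touching any descriptor */
        delay_ms *= 2;   /* back off so waiting clients do not hammer the agent */
    }
    if (tries) *tries = n;
    if (fd < 0) errno = err;
    return fd;
}

int main(void)
{
    const char *path = getenv("SSH_AUTH_SOCK");   /* agent socket path */
    int tries = 0, fd;

    if (!path) { fprintf(stderr, "SSH_AUTH_SOCK not set\n"); return 1; }
    fd = connect_unix_retry(path, 5, 50, &tries);
    printf("%s after %d attempt(s)\n", fd < 0 ? strerror(errno) : "connected", tries);
    if (fd >= 0) close(fd);
    return fd < 0;
}
```

The retry stays on the filesystem socket, so access is still governed by the socket file's ownership and permissions.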
