Interest in ssh-agent connection retry patch?
Jos Backus
josb at cncdsl.com
Sun Jan 27 14:55:42 EST 2002
On Sat, Jan 26, 2002 at 07:34:46PM -0800, Dan Kaminsky wrote:
> Hmmm. This a problem with file-oriented sockets, isn't it -- each
> connection blocks, because everyone's sharing the same socket.
The first ssh processes will block, waiting in the ssh-agent's listen() queue,
subsequent ssh processes get ECONNREFUSED. First I tried increasing the
listen() queue in ssh-agent, but that didn't really help much, and it's not
very portable (I have heard that there are UNIX versions which ignore any
value greater than 5).
> In return, however, we do get per-user authentication, which we *wouldn't*
> have with a loopback mechanism.
>
> I don't know enough about socket level work to know if non-blocking/select()
> style loops could be applied to serve greater numbers of SSH clients --
> distaste for sockets drove me to libnet/libpcap :-) But although your
> connection-retry solution is better than flat out failing, in the long term
> it'd be very good for the agent to be able to support more clients.
Yup.
--
Jos Backus _/ _/_/_/ Santa Clara, CA
_/ _/ _/
_/ _/_/_/
_/ _/ _/ _/
josb at cncdsl.com _/_/ _/_/_/ use Std::Disclaimer;
More information about the openssh-unix-dev
mailing list