ssh-agent clustering
Damien Miller
djm at mindrot.org
Tue Nov 25 07:46:19 EST 2008
On Mon, 24 Nov 2008, Peter Stuge wrote:
> Garry Boyce wrote:
> > Hi.. I've looked through all the documentation and searched
> > numerous websites and I can't find any viable current way to
> > cluster ssh-agents.
>
> What technical solution do you have in mind?

One thing that might be useful is to support multiple agent sockets in
an SSH_AUTH_SOCK environment variable, e.g.:

    SSH_AUTH_SOCK=/tmp/ssh-sVvxW987/agent.987:/tmp/superhappyagent-8s3h9d2/sock.123

and have the clients try each in turn. I was thinking about this to support
a PKCS#11 agent, but you could use it for failover too.

On the other hand, I don't think there should be any resynchronisation
between agents as this would violate a security goal of the agent: that you
can put keys in, but never get them out in a usable form.

-d
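
Added example (not part of the original message and not OpenSSH code): a C sketch of the lookup proposed above, where a client splits SSH_AUTH_SOCK on ':' and uses the first socket that accepts a connection. The helper names are hypothetical; each agent keeps its own keys and nothing is copied between them.

```c
/* Added example: the proposed colon-separated SSH_AUTH_SOCK, tried in order.
 * connect_first_agent() is a hypothetical helper, not an OpenSSH function. */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Try one socket path of length len; return a connected fd or -1. */
static int try_agent(const char *path, size_t len)
{
    struct sockaddr_un addr;
    int fd;
    /* Skip empty entries and paths too long for sun_path. */
    if (len == 0 || len >= sizeof(addr.sun_path))
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path, path, len);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Walk the list in order; return the fd of the first agent socket that
 * accepts a connection and store its position in *idx, or -1 if none does. */
int connect_first_agent(const char *list, int *idx)
{
    int i = 0, fd;
    for (const char *p = list; p != NULL && *p != '\0'; i++) {
        size_t len = strcspn(p, ":");
        if ((fd = try_agent(p, len)) != -1) {
            *idx = i;
            return fd;
        }
        p += len + (p[len] == ':');
    }
    return -1;
}

int main(void)
{
    int idx = -1, fd = connect_first_agent(getenv("SSH_AUTH_SOCK"), &idx);
    return fd == -1; /* exit status 0 when some agent in the list answered */
}
```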