ssh-agent clustering

Boyce, Garry garry.boyce at eds.com
Tue Nov 25 10:24:11 EST 2008


That sounds about right. How would you rate complexity?

-----Original Message-----
From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Sent: Monday, November 24, 2008 5:51 PM
To: Portable OpenSSH Development List <openssh-unix-dev at mindrot.org>
Subject: Re: ssh-agent clustering

On Mon 2008-11-24 13:02:05 -0500, Garry Boyce wrote:

> Hi.. I've looked through all the documentation and searched numerous
> websites and I can't find any viable current way to cluster
> ssh-agents.

It sounds to me like what you're looking to implement could be done
without modifying existing ssh-agent implementations.

You'd want to build some sort of intermediate agent that maintains
tunnels to various external agents, and monitors the state of those
tunnels.  It would accept ssh agent requests itself, and forward them
on to the relevant remote agents.  When one tunnel goes down, it would
redirect new requests to the highest-priority still-functioning tunnel.

Your ssh processes would talk only to the intermediate agent, and
would not know what kind of things were happening behind the scenes.

        --dkg
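The intermediate agent described above, as an added example (not code from this thread or from OpenSSH): it relays each length-prefixed agent message to the highest-priority upstream agent socket that answers. Assumptions: each tunnel to a remote agent appears as a local Unix socket path, all upstream agents hold the same keys, and the names `forward`, `Handler` and `make_server` plus the size and timeout limits are hypothetical.

```python
import contextlib, os, socket, socketserver, struct

SSH_AGENT_FAILURE = 5        # generic failure reply type in the agent protocol
MAX_MSG = 256 * 1024         # assumed cap on a single agent message
TIMEOUT = 5.0                # assumed per-upstream timeout in seconds

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def read_msg(sock):
    (n,) = struct.unpack(">I", recv_exact(sock, 4))   # uint32 length prefix
    if not 0 < n <= MAX_MSG:
        raise ValueError("bad agent message length")
    return recv_exact(sock, n)

def write_msg(sock, payload):
    sock.sendall(struct.pack(">I", len(payload)) + payload)

def forward(payload, upstreams):
    for path in upstreams:   # priority order; first complete reply wins
        with contextlib.suppress(OSError, ValueError):  # dead tunnel: try next
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as up:
                up.settimeout(TIMEOUT)
                up.connect(path)
                write_msg(up, payload)
                return read_msg(up)
    return bytes([SSH_AGENT_FAILURE])   # no upstream reachable

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        with contextlib.suppress(OSError, ValueError):  # client gone or bad frame
            while True:
                reply = forward(read_msg(self.request), self.server.upstreams)
                write_msg(self.request, reply)

def make_server(listen_path, upstreams):
    old = os.umask(0o177)    # socket file is created owner-only (0600)
    try:
        srv = socketserver.ThreadingUnixStreamServer(listen_path, Handler)
    finally:
        os.umask(old)
    srv.upstreams, srv.daemon_threads = list(upstreams), True
    return srv
```

Run it with `make_server(path, upstreams).serve_forever()` and point `SSH_AUTH_SOCK` at `path`. Any process that can open that socket can request signatures from every upstream agent, which is why the socket is created with owner-only permissions.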

