ssh-agent clustering

Garry Boyce garry.boyce at
Wed Nov 26 03:01:50 EST 2008

Sounds like this fits the bill:

Do you agree? 

-----Original Message-----
From: at
[ at] On Behalf
Of Daniel Kahn Gillmor
Sent: Monday, November 24, 2008 3:04 PM
To: Portable OpenSSH Development List
Subject: Re: ssh-agent clustering

On Mon 2008-11-24 13:02:05 -0500, Garry Boyce wrote:

> Hi.. I've looked through all the documentation and searched numerous 
> websites and I can't find any viable current way to cluster 
> ssh-agents.

It sounds to me like what you're looking to implement could be done without
modifying existing ssh-agent implementations.

You'd want to build some sort of intermediate agent that maintains tunnels
to various external agents, and monitors the state of those tunnels.  It
would accept ssh agent requests itself, and forward them on to the relevant
remote agents.  When one tunnel goes down, it would redirect new requests to
the highest-priority still-functioning tunnel.

Your ssh processes would talk only to the intermediate agent, and would not
know what kind of things were happening behind the scenes.
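
A sketch of the intermediate agent described above, added here as an example; it is not code from the thread's participants or from OpenSSH. It assumes each "tunnel" is reachable as a local Unix-domain socket path listed highest priority first, opens a fresh upstream connection per request, and uses hypothetical names throughout (`forward`, `serve`, `MAX_FRAME`).

```python
import contextlib, os, socket, struct, threading

MAX_FRAME = 256 * 1024                    # assumed sanity cap on one agent message
AGENT_FAILURE = struct.pack(">IB", 1, 5)  # SSH_AGENT_FAILURE: length 1, type 5

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def read_frame(sock):
    # An agent message is a uint32 big-endian length followed by that many bytes.
    header = recv_exact(sock, 4)
    (length,) = struct.unpack(">I", header)
    if not 0 < length <= MAX_FRAME:
        raise ValueError("implausible agent message length")
    return header + recv_exact(sock, length)

def forward(frame, upstreams, timeout=2.0):
    # Try upstream socket paths in priority order; the first that answers wins.
    for path in upstreams:
        try:
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as up:
                up.settimeout(timeout)
                up.connect(path)
                up.sendall(frame)
                return read_frame(up)
        except (OSError, ValueError):     # dead tunnel or garbage reply: try the next
            continue
    return AGENT_FAILURE                  # nothing reachable: tell the client so

def handle_client(conn, upstreams):
    # Relay requests until the client disconnects or sends a malformed frame.
    with conn, contextlib.suppress(OSError, ValueError):
        while True:
            conn.sendall(forward(read_frame(conn), upstreams))

def serve(listen_path, upstreams):
    old = os.umask(0o177)                 # create the listening socket owner-only (0600)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(listen_path)
    os.umask(old)
    srv.listen()
    while True:
        conn, _ = srv.accept()
        threading.Thread(target=handle_client, args=(conn, upstreams), daemon=True).start()
```

Pointing `SSH_AUTH_SOCK` at `listen_path` makes ssh clients talk only to this proxy. Because each request may land on a different upstream, state-changing requests such as adding keys or locking the agent are not kept consistent across agents.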


More information about the openssh-unix-dev mailing list