ssh-agent clustering

Garry Boyce garry.boyce at eds.com
Wed Nov 26 03:01:50 EST 2008


Sounds like this fits the bill:
http://www.idaemons.org/projects/ssh-agent-proxy/

Do you agree? 

-----Original Message-----
From: openssh-unix-dev-bounces+garry.boyce=eds.com at mindrot.org
[mailto:openssh-unix-dev-bounces+garry.boyce=eds.com at mindrot.org] On Behalf
Of Daniel Kahn Gillmor
Sent: Monday, November 24, 2008 3:04 PM
To: Portable OpenSSH Development List
Subject: Re: ssh-agent clustering

On Mon 2008-11-24 13:02:05 -0500, Garry Boyce wrote:

> Hi.. I've looked through all the documentation and searched numerous 
> websites and I can't find any viable current way to cluster 
> ssh-agents.

It sounds to me like what you're looking to implement could be done without
modifying existing ssh-agent implementations.

You'd want to build some sort of intermediate agent that maintains tunnels
to various external agents, and monitors the state of those tunnels.  It
would accept ssh agent requests itself, and forward them on to the relevant
remote agents.  When one tunnel goes down, it would redirect new requests to
the highest-priority still-functioning tunnel.

Your ssh processes would talk only to the intermediate agent, and would not
know what kind of things were happening behind the scenes.

        --dkg
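
Added example, not part of the original messages and not code from OpenSSH or ssh-agent-proxy: a failover relay of the kind described above, written in Python. It assumes the upstream agents are reachable as local Unix sockets (for instance forwarded agent sockets); the function names, the 2-second timeout and the MAX_LEN cap are choices made for this example.

```python
import os, socket, struct, threading
SSH_AGENT_FAILURE = 5   # agent protocol reply type meaning "request failed"
MAX_LEN = 256 * 1024    # sanity cap on one message, chosen for this example

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def read_msg(sock):  # frame: 4-byte big-endian length, then the payload
    (length,) = struct.unpack(">I", recv_exact(sock, 4))
    if length == 0 or length > MAX_LEN:
        raise ValueError("implausible agent message length")
    return recv_exact(sock, length)

def write_msg(sock, payload):
    sock.sendall(struct.pack(">I", len(payload)) + payload)

def forward(request, upstreams, timeout=2.0):
    for path in upstreams:  # priority order, highest first
        try:
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as up:
                up.settimeout(timeout)
                up.connect(path)
                write_msg(up, request)
                return read_msg(up)
        except (OSError, ValueError):
            continue  # tunnel down or reply malformed: try the next agent
    return bytes([SSH_AGENT_FAILURE])  # nothing reachable

def handle_client(conn, upstreams):
    try:
        with conn:
            while True:
                write_msg(conn, forward(read_msg(conn), upstreams))
    except (OSError, ValueError):
        pass  # client went away or sent a bad frame

def serve(listen_path, upstreams):
    old = os.umask(0o177)  # listening socket usable by its owner only
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(listen_path)
    os.umask(old)
    srv.listen(8)
    while True:
        threading.Thread(target=handle_client, args=(srv.accept()[0], upstreams), daemon=True).start()
```

Point SSH_AUTH_SOCK at the path given to serve(). Each request is relayed on its own upstream connection, so every upstream agent must hold the same keys for failover to be transparent to ssh.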


