ad-hoc ssh agent + control persist

Francois Durand fdur559 at gmail.com
Mon Sep 23 03:10:22 EST 2013


Hi all,

I'm using ssh to deploy software remotely. I download stuff on the remote
box from git repositories over ssh using ssh deployment keys. For this to
work, I start locally an ad-hoc ssh agent loaded
with only the deployment keys, and forward it to the remote host. I can use
something like

ssh-agent my_sub_deployment_script

so that ad-hoc ssh agent only exists when needed. This alone works very
well.

One deployment needs several ssh connections. For obvious performance
reasons using control persistance (ControlPersist=60 for instance) is
highly desirable.

Here is the problem: if ssh-agent stops when last connection stops, the
master connection will be kept alive for 60s while the agent it is
forwarding no longer runs. If I keep the ssh agent running,
nothing will do the cleanup when the master connection stops and I'll end
up with many unused agents running.

I don't see anything simple to stop the agent when the master connection
using it stops.

Any ideas on this ?


More information about the openssh-unix-dev mailing list