This patch against OpenSSH 3.2.3p1 implements an ssh-agent authentication retry mechanism which is useful when starting many ssh clients in a short period of time. The number of retries and the maximum delay between retries is runtime-configurable using AuthMaxRetries <integer> AuthRetryDelay <seconds> The patch is available at: http://www.catnook.com/patches/openssh-3.2.3p1-auth-retry.patch While I have no hopes of this being merged into the main OpenSSH distribution, perhaps other people may find it useful. Comments welcome. -- Jos Backus _/ _/_/_/ Santa Clara, CA _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ jos at catnook.com _/_/ _/_/_/ use Std::Disclaimer;
Kevin Currie
2002-Jul-17 19:04 UTC
3.4p1 ssh-agent auth-retry patch available: was: Re: Updated ssh-agent authentication retry patch available
I see Jos has updated his patch to work against 3.4p1, and I've applied it with success. From my standpoint, this patch is absolutely REQUIRED and ssh's utility is greatly reduced without it. It's simply impossible to run 30+ ssh-agent authenticated sessions at once without this patch-- you get WAY too many failures. I am 100% behind this being included in the main distribution, is there anybody who isn't?? For those that don't think this should be included, how do you propose to handle a large amount of concurrent authentications? comments welcome! Jos Backus wrote:> This patch against OpenSSH 3.2.3p1 implements an ssh-agent authentication > retry mechanism which is useful when starting many ssh clients in a short > period of time. The number of retries and the maximum delay between retries is > runtime-configurable using > > AuthMaxRetries <integer> > AuthRetryDelay <seconds> > > The patch is available at: > > http://www.catnook.com/patches/openssh-3.2.3p1-auth-retry.patch > > While I have no hopes of this being merged into the main OpenSSH distribution, > perhaps other people may find it useful. Comments welcome. >-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Kevin Currie | | | | SysAdmin/ECS Security | .|||. .|||. | email: Cisco Systems | ..:|||||||:...:|||||||:.. |kcurrie(at)cisco.com Austin, Texas |-----------------------------| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~