openssh unix dev - Sep 2013 - ad-hoc ssh agent + control persist

Hi all,

I'm using ssh to deploy software remotely. I download stuff on the remote
box from git repositories over ssh using ssh deployment keys. For this to
work, I start locally an ad-hoc ssh agent loaded
with only the deployment keys, and forward it to the remote host. I can use
something like

ssh-agent my_sub_deployment_script

so that ad-hoc ssh agent only exists when needed. This alone works very
well.

One deployment needs several ssh connections. For obvious performance
reasons using control persistance (ControlPersist=60 for instance) is
highly desirable.

Here is the problem: if ssh-agent stops when last connection stops, the
master connection will be kept alive for 60s while the agent it is
forwarding no longer runs. If I keep the ssh agent running,
nothing will do the cleanup when the master connection stops and I'll end
up with many unused agents running.

I don't see anything simple to stop the agent when the master connection
using it stops.

Any ideas on this ?

On Sun, Sep 22, 2013 at 07:10:22PM +0200, Francois Durand wrote:
[...]
> One deployment needs several ssh connections. For obvious performance
> reasons using control persistance (ControlPersist=60 for instance) is
> highly desirable.
[...]
> Any ideas on this ?
use "ssh -Oexit" and "ssh-agent -k" to explicitly stop the
connection
and agent as the last steps of your script?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.