Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Dev

[patch] Threading support in ssh-agent

 

 

OpenSSH dev RSS feed   Index | Next | Previous | View Threaded


alex at alemate

Mar 11, 2012, 11:57 AM

Post #1 of 7 (726 views)
Permalink
[patch] Threading support in ssh-agent

Hi all!

I do not know openssh patch policy so I am just sending
the patch to the mailing list. Sorry for inconvenience.
Ssh-agent seems to be too slow if you need to access thousands of
servers. This is a simple patch to enable threading in ssh2 authentication.
Patch adds "-p numthreads" option and defaults to the number of processors.

I've tested it as I could, but unfortunately I could check it
only in Linux environment. Though it shouldn't break anything.

Bye. Alex.
Attachments: ssh-agent-pthread.patch (24.3 KB)


keisial at gmail

Mar 11, 2012, 1:31 PM

Post #2 of 7 (695 views)
Permalink
Re: [patch] Threading support in ssh-agent [In reply to]

On 11/03/12 19:57, Alexander V Alekseev wrote:
> Hi all!
>
> I do not know openssh patch policy so I am just sending
> the patch to the mailing list. Sorry for inconvenience.
> Ssh-agent seems to be too slow if you need to access thousands of
> servers. This is a simple patch to enable threading in ssh2
> authentication.
> Patch adds "-p numthreads" option and defaults to the number of
> processors.
>
> I've tested it as I could, but unfortunately I could check it
> only in Linux environment. Though it shouldn't break anything.
>
> Bye. Alex.
You concurrently access thousands of servers? O_O What's your use case?
How does your threaded ssh-agent work with keys requiring confirmation?
Would the user be flooded with a SSH_ASKPASS instance per thread?

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


alex at alemate

Mar 11, 2012, 2:53 PM

Post #3 of 7 (692 views)
Permalink
Re: [patch] Threading support in ssh-agent [In reply to]

On Sun, 11 Mar 2012, Ángel González wrote:

> On 11/03/12 19:57, Alexander V Alekseev wrote:
>> Hi all!
>>
>> I do not know openssh patch policy so I am just sending
>> the patch to the mailing list. Sorry for inconvenience.
>> Ssh-agent seems to be too slow if you need to access thousands of
>> servers. This is a simple patch to enable threading in ssh2
>> authentication.
>> Patch adds "-p numthreads" option and defaults to the number of
>> processors.
>>
>> I've tested it as I could, but unfortunately I could check it
>> only in Linux environment. Though it shouldn't break anything.
>>
>> Bye. Alex.
> You concurrently access thousands of servers? O_O What's your use case?
Large server farm. Todays web services usually require some ;-)

> How does your threaded ssh-agent work with keys requiring confirmation?
> Would the user be flooded with a SSH_ASKPASS instance per thread?
We do not use it.


nkadel at gmail

Mar 11, 2012, 3:14 PM

Post #4 of 7 (695 views)
Permalink
Re: [patch] Threading support in ssh-agent [In reply to]

2012/3/11 Ángel González <keisial [at] gmail>

> On 11/03/12 19:57, Alexander V Alekseev wrote:
> > Hi all!
> >
> > I do not know openssh patch policy so I am just sending
> > the patch to the mailing list. Sorry for inconvenience.
> > Ssh-agent seems to be too slow if you need to access thousands of
> > servers. This is a simple patch to enable threading in ssh2
> > authentication.
> > Patch adds "-p numthreads" option and defaults to the number of
> > processors.
> >
> > I've tested it as I could, but unfortunately I could check it
> > only in Linux environment. Though it shouldn't break anything.
> >
> > Bye. Alex.
>
> You concurrently access thousands of servers? O_O What's your use case?
> How does your threaded ssh-agent work with keys requiring confirmation?
> Would the user be flooded with a SSH_ASKPASS instance per thread?
>
>
I can think of several. Scripting of network wide surveys, rsnapshot over
large environments, and Nagios over ssh plugins leap to mind.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


jamie.beverly at yahoo

Mar 11, 2012, 3:41 PM

Post #5 of 7 (696 views)
Permalink
Re: [patch] Threading support in ssh-agent [In reply to]

----- Original Message -----

> From: Nico Kadel-Garcia <nkadel [at] gmail>
> To: Ángel González <keisial [at] gmail>
> Cc: Alexander V Alekseev <alex [at] alemate>; openssh-unix-dev [at] mindrot
> Sent: Sunday, March 11, 2012 3:14 PM
> Subject: Re: [patch] Threading support in ssh-agent
>
> 2012/3/11 Ángel González <keisial [at] gmail>
>
>> On 11/03/12 19:57, Alexander V Alekseev wrote:
>> >        Hi all!
>> >
>> >    I do not know openssh patch policy so I am just sending
>> > the patch to the mailing list. Sorry for inconvenience.
>> >    Ssh-agent seems to be too slow if you need to access thousands of
>> > servers. This is a simple patch to enable threading in ssh2
>> > authentication.
>> > Patch adds "-p numthreads" option and defaults to the number
> of
>> > processors.
>> >
>> >    I've tested it as I could, but unfortunately I could check it
>> > only in Linux environment. Though it shouldn't break anything.
>> >
>> >        Bye. Alex.
>>
>> You concurrently access thousands of servers? O_O What's your use case?
>> How does your threaded ssh-agent work with keys requiring confirmation?
>> Would the user be flooded with a SSH_ASKPASS instance per thread?
>>
>>
> I can think of several. Scripting of network wide surveys, rsnapshot over
> large environments, and Nagios over  ssh plugins leap to mind.

I haven't looked over the patch, but I can confirm the real-world use-case for using ssh-agent for authentication on thousands of hosts concurrently.
I regularly ssh to several thousand hosts (several times a day on most days) for various reasons. Many uses are just to execute a single command on thousands of hosts in parallel and aggregate the output, other uses are as above. Up until now, I've just had my scripts automatically partition the work between multiple agents, usually with about 100-300 concurrent jobs per agent. Of course this means entering the password for the keys for multiple agents, which is an annoyance at after reboots.

I would wager this is a similar for others in the LSPE space.

So, while I can't speak to the patch, I can at least confirm the existance of the usecase.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


alex at alemate

Mar 20, 2012, 2:10 AM

Post #6 of 7 (671 views)
Permalink
Re: [patch] Threading support in ssh-agent [In reply to]

Hi all,

Is there any hope for threaded ssh-agent to be included in the
main trunk?


On Sun, 11 Mar 2012, Alexander V Alekseev wrote:

> Hi all!
>
> I do not know openssh patch policy so I am just sending
> the patch to the mailing list. Sorry for inconvenience.
> Ssh-agent seems to be too slow if you need to access thousands of
> servers. This is a simple patch to enable threading in ssh2 authentication.
> Patch adds "-p numthreads" option and defaults to the number of processors.
>
> I've tested it as I could, but unfortunately I could check it
> only in Linux environment. Though it shouldn't break anything.
>
> Bye. Alex.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


djm at mindrot

Mar 20, 2012, 4:19 PM

Post #7 of 7 (672 views)
Permalink
Re: [patch] Threading support in ssh-agent [In reply to]

On Tue, 20 Mar 2012, alex [at] alemate wrote:

> Hi all,
>
> Is there any hope for threaded ssh-agent to be included in the
> main trunk?

No, sorry - we have no desire to make any part of OpenSSH multithreaded,
especially something as sensitive as ssh-agent.

We might consider an alternate design that used fork() if it were simple
enough, but I'd encourage you to hold off as I plan on refactoring some
of the agent code in the next release.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

OpenSSH dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.