[[meta title="Monkeysphere interferes with clusterssh"]]
clusterssh is a package that allows you to control multiple ssh xterm
sessions at the same time.
When the monkeysphere-ssh-proxycommand is enabled and I launch 5 or more
cssh sessions, intermittently one or two out of every five will fail
with: Connection timed out during banner exchange.
I tried to debug by running:
MONKEYSPHERE_LOG_LEVEL=debug cssh -D -d <server1> <server2> etc.
However, while it produced some private data, it didn't give me any
insight into what was going wrong. Also, it didn't output any
Monkeysphere debugging info.
I had no luck with google and the error message being output.
This isn't a huge priority (it's not hard to disable the
monkeysphere-ssh-proxycommand before running cssh), however, it would be
nice to figure out why it's not working.
What do you mean by "produced some private data" when you set the log
level to DEBUG? Monkeysphere does not output any "private" data in
the sense of private keys or passwords or anything like that. Maybe
you mean the cssh debug mode outputs private data? or do you just
mean "info that you don't want to post here"? It might be useful to
see some output, so maybe you could just block out the nasty bits?
But I'm not sure it will help.
The problem may be due to the locking of the known_hosts file while
the proxycommand is running. At the moment, the
monkeysphere-ssh-proxycommand can only be run serially, since each
invocation will lock the known_hosts file while it updates it. I
think this is required, since we obviously can't have two invocations
modifying the file at the same time. However, it's probably possible
to decrease the amount of time it takes to update the file. It's not
done very efficiently at the moment. The file is locked basically at
the very begining, and is locked while all gpg interactions are done,
which are slow. I think it should be possible to take the gpg
interactions out of the loop.
I just tried cssh and it doesn't seem to work very well with my ssh
setup at all. For instance, the simultaneous ssh connections cause
simultaneous calls to the agent to get my permission to use the key,
which don't interact very well with each other. This of course is not
a monkeysphere problem but a general problem with trying to make
simultaneous ssh connections with an agent that want key use
confirmation.
-- jrollins
I can get cssh to work fine with a confirmation-required agent if i
turn off the monkeysphere proxycommand:
cssh -l username -o '-oProxyCommand=none' $(cat hostlist.txt)
with the proxycommand, i definitely get the "Connection timed out
during banner exchange" message.
However, i'm also able to get the cssh connection to work if i assert
that a longer connection timeout is acceptable:
cssh -l username -o '-oConnectTimeout=30' $(cat hostlist.txt)
Perhaps this is an acceptable workaround?
-- dkg