[dak/master] security-master: use `ControlPersist`
Use OpenSSH's `ControlPersist` option instead of implementing an
approximation ourselves. This avoids an infinite sleep in case the
`ssh` call fails and the socket never appears.
---
config/debian-security/cron.buildd | 7 -------
config/homedir/ssh/security-config | 21 +++++++++++++++++++++
2 files changed, 21 insertions(+), 7 deletions(-)
create mode 100644 config/homedir/ssh/security-config
diff --git a/config/debian-security/cron.buildd b/config/debian-security/cron.buildd
index cd8a685..235a766 100755
--- a/config/debian-security/cron.buildd
+++ b/config/debian-security/cron.buildd
@@ -32,13 +32,6 @@ for dist in $DISTS; do
done
if [ ! -z "${dists}" ]; then
- # setup ssh master process
- ssh wbadm@buildd -S $SSH_SOCKET -MN 2> /dev/null &
- SSH_PID=$!
- while [ ! -S $SSH_SOCKET ]; do
- sleep 1
- done
- trap 'kill -TERM $SSH_PID' 0
for d in ${dists}; do
case ${d} in
oldoldstable)
diff --git a/config/homedir/ssh/security-config b/config/homedir/ssh/security-config
new file mode 100644
index 0000000..2dc0ab3
--- /dev/null
+++ b/config/homedir/ssh/security-config
@@ -0,0 +1,21 @@
+# Please edit the master copy in dak.git!
+# path: config/homedir/ssh/security-config
+
+ConnectTimeout 30
+ServerAliveInterval 30
+ForwardX11 no
+ForwardAgent no
+StrictHostKeyChecking yes
+PasswordAuthentication no
+BatchMode yes
+
+Host buildd
+ IdentityFile ~/.ssh/id_buildd
+ ControlMaster auto
+ ControlPath ~/.ssh/socket-buildd.debian.org
+ ControlPersist 60
+
+Host morgue-sync
+ Hostname stabile.debian.org
+ User dak
+ IdentityFile /srv/security-master.debian.org/s3kr1t/push_morgue
--
2.1.4
Reply to: