A host-level guardrail against outgoing-SSH connection leaks.
GuardARC enforces sane limits on outgoing SSH connections from a workstation to
configured remote servers, so that a runaway client — ARC,
a babysitter script, an ad-hoc ssh, anything — can never again overwhelm a
shared cluster's sshd.
Why this exists. On 2026-06-10 a bug in a client's SSH reconnect path leaked ~500 ESTABLISHED connections to a shared HPC cluster and overwhelmed its
sshd, causing a ~9.7-hour outage. The monitoring in place at the time made it worse: its health check SSHed the very server it was watching, so when the server was overloaded the probe hung and the monitor went blind for hours. GuardARC is the host-level safety net that would have caught and contained that independently — trusting no client, and never touching the remote server.
GuardARC is three independent layers, ordered weakest-trust → strongest-guarantee. Each works even if the others are down.
| Layer | Trust model | What it does |
|---|---|---|
| Gated Broker | cooperative | Clients (ARC/T3, opt-in) ask permission before connecting and back off gracefully → zero lost work. Best-effort; non-cooperating clients bypass it. |
| Bully Guard | trusts no one | Polls local ss -tnp, attributes connections to PIDs. On a misbehaving PID: SIGSTOP (stop growth) → ss --kill excess sockets (relieve the server) → Slack-alert → SIGCONT after cooldown. |
| Standing nft Rate-Cap | kernel-enforced | An always-on nftables rule caps the rate of new connections to server:22. Survives the poller crashing; hard-stops a storm at the source. |
- Never SSH a monitored server — everything is derived from local
ss. (The 9-hour blindness in the incident came from a monitor that SSHed the server.) - Signal strictly by PID — never
pkill -f <pattern>(self-kill footgun). - Self-exclude — the guard never counts or acts against its own PID.
- Lightweight — a quick
ssparse on a ~15–60 s interval; never a load source.
Early development. SocketInspector (the attribution foundation) is implemented
and tested; enforcement thresholds and the broker protocol are being finalized.
See the architecture docs for the full design.
git clone https://github.com/DanaResearchGroup/GuardARC.git
cd GuardARC
pip install -e ".[dev]"
pytest tests/ -ra -vvRequires Python 3.10+, Linux, ss (iproute2), and nft (nftables). Enforcement
needs root (sudo).
Architecture, installation, and usage: build locally with make -C docs html
(output in docs/build/html), or see the published docs.
MIT © Dana Research Group, Technion — Israel Institute of Technology