
Re: A question about ssh-agent



On 2012-02-06 12:53:03 -0700, Paul E Condon wrote:
> On 20120206_121205, Vincent Lefevre wrote:
> > On 2012-02-06 11:39:47 +0100, Erwan David wrote:
> > > On Mon, Feb 06, 2012 at 11:33:25AM CET, Vincent Lefevre <vincent@vinc17.net> said:
> > > > On 2012-02-04 09:35:44 +0100, Sven Joachim wrote:
> > > > > Nope, this is the script that starts the ssh *server*.  The agent is
> > > > > started in /etc/X11/Xsession.d/90x11-common_ssh-agent, sourced from
> > > > > /etc/X11/Xsession (see Xsession(5)).
> > > > 
> > > > But it shouldn't. It should be the user who decides whether he wants
> > > > to start ssh-agent (since it is a user process), not the admin.
> > > 
> > > Not necessarily: the user uses it or not through ssh-add.
> > 
> > Yes, but ssh-agent is still started even if the user doesn't want it.
> > On my machine, it was interfering with my own system to automatically
> > start ssh-agent when needed (until I changed my config to kill this
> > ssh-agent).
> 
> What config did you put your kill commands in? And what were those
> commands? I'm trying to understand how this thing works.

In my .xsession file, I have:

if [ -n "$SSH_AUTH_SOCK" ]; then
  echo "\$SSH_AUTH_SOCK is '$SSH_AUTH_SOCK'" >&2
  case "$SSH_AUTH_SOCK" in
    /tmp/ssh-agent-*)
      echo "--> _call_sshagent already started." >&2 ;;
    ?*)
      echo "--> ssh-agent started but useless; should be killed." >&2
      eval `ssh-agent -k` >&2 ;;
  esac
fi

If SSH_AUTH_SOCK is not set (which is the case when I use a display
manager such as gdm), the .xsession executes a zsh script that does
the following:

1. Register an SSH agent, setting SSH_AUTH_SOCK from a running agent
   or starting one.
2. Start the window manager.
3. [When logging out from the X session] Deregister the SSH agent.

This way I have a unique SSH agent for all my sessions (X, SSH, screen),
which is killed when the last session quits.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
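
The register / deregister scheme described in the message above, sketched as an added example; it is not the poster's zsh script, which the message does not show. The `agent_*` function names and `AGENT_DIR` are assumptions, and the socket is kept in a private 0700 directory instead of a path under /tmp.

```sh
#!/bin/sh
# Added example, not the poster's script. AGENT_DIR and the agent_* names
# are hypothetical. All state sits in one private directory.
AGENT_DIR="${AGENT_DIR:-${XDG_RUNTIME_DIR:-$HOME}/shared-ssh-agent}"

# mkdir is atomic, so a directory works as a lock between sessions.
# A stale lock left by a crashed session must be removed by hand.
agent_lock()   { while ! mkdir "$AGENT_DIR/lock" 2>/dev/null; do sleep 1; done; }
agent_unlock() { rmdir "$AGENT_DIR/lock"; }

# ssh-add -l exits 0 (keys listed) or 1 (no keys) when the agent answers,
# and 2 when the socket cannot be contacted.
agent_alive() {
  rc=0
  SSH_AUTH_SOCK="$AGENT_DIR/sock" ssh-add -l >/dev/null 2>&1 || rc=$?
  [ "$rc" -le 1 ]
}

# Step 1: reuse the running agent or start one, then record this session.
agent_register() {    # $1 = session id without slashes, e.g. "x11-$$"
  ( umask 077; mkdir -p "$AGENT_DIR/sessions" ) || return 1
  # Refuse a state directory that is a symlink or owned by someone else.
  if [ -L "$AGENT_DIR" ] || [ ! -O "$AGENT_DIR" ]; then return 1; fi
  chmod 700 "$AGENT_DIR" || return 1
  agent_lock
  if ! agent_alive; then
    rm -f "$AGENT_DIR/sock"
    eval "$(ssh-agent -s -a "$AGENT_DIR/sock")" >/dev/null
    echo "$SSH_AGENT_PID" > "$AGENT_DIR/pid"
  fi
  : > "$AGENT_DIR/sessions/$1"
  agent_unlock
  SSH_AUTH_SOCK="$AGENT_DIR/sock"; export SSH_AUTH_SOCK
}

# Step 3: drop this session; the last one out kills the agent.
agent_deregister() {  # $1 = the id given to agent_register
  agent_lock
  rm -f "$AGENT_DIR/sessions/$1"
  if [ -z "$(ls -A "$AGENT_DIR/sessions")" ]; then
    SSH_AGENT_PID=$(cat "$AGENT_DIR/pid") ssh-agent -k >/dev/null 2>&1 || true
    rm -f "$AGENT_DIR/sock" "$AGENT_DIR/pid"
  fi
  agent_unlock
}
```

A session would call `agent_register` before starting the window manager (step 2) and `agent_deregister` with the same id after it exits.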

