Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path

To: Daniel Kahn Gillmor <dkg@debian.org>, 1103522@bugs.debian.org
Cc: Antoine Le Gonidec <debian@vv221.fr>
Subject: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 8 May 2025 22:32:11 +0100
Message-id: <[🔎] aB0i22V_z17JXRwx@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 1103522@bugs.debian.org
In-reply-to: <[🔎] 871psyg7k9.fsf@fifthhorseman.net>
References: <174498639667.3932913.11597799212161471652.reportbug@localhost> <[🔎] 87frhgf4lk.fsf@fifthhorseman.net> <[🔎] 20250508005044.2adfdf99@hal9000.dotslashplay.it> <[🔎] 877c2rfbb4.fsf@fifthhorseman.net> <[🔎] 20250508171806.5c8dbfaa@hal9000.dotslashplay.it> <174498639667.3932913.11597799212161471652.reportbug@localhost> <[🔎] 871psyg7k9.fsf@fifthhorseman.net> <174498639667.3932913.11597799212161471652.reportbug@localhost>

On Thu, May 08, 2025 at 04:40:22PM -0400, Daniel Kahn Gillmor wrote:

To fix this use case, we just need to tell systemd that any manual
attempt to start the ssh-agent service needs to ensure that the socket
is listening first.

We can do this with the following patch to the OpenSSH package's
ssh-agent.service file:

diff --git a/debian/systemd/ssh-agent.service b/debian/systemd/ssh-agent.service
index 72e0a3e46..19ea47c91 100644
--- a/debian/systemd/ssh-agent.service
+++ b/debian/systemd/ssh-agent.service
@@ -1,6 +1,8 @@
[Unit]
Description=OpenSSH Agent
Documentation=man:ssh-agent(1)
+Requires=ssh-agent.socket
+After=ssh-agent.socket

[Service]
Environment=SSH_ASKPASS_REQUIRE=force

I think After= is unnecessary. systemd.socket(5) says (bearing in mindthat Before= and After= are inverses, as one might expect from theirnames):

Socket units automatically gain a Before= dependency on the serviceunits they activate.

But adding just Requires= on its own sounds reasonable. I'll wait forconfirmation from Antoine that that works, but if so then I'm willing totry to get this into trixie.


--
Colin Watson (he/him)                              [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Daniel Kahn Gillmor <dkg@debian.org>

References:
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Daniel Kahn Gillmor <dkg@debian.org>
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Antoine Le Gonidec <debian@vv221.fr>
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Daniel Kahn Gillmor <dkg@debian.org>
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Antoine Le Gonidec <debian@vv221.fr>
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Daniel Kahn Gillmor <dkg@debian.org>

Prev by Date: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
Next by Date: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
Previous by thread: Processed: Re: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
Next by thread: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
Index(es):
- Date
- Thread