Re: A question about ssh-agent
On 2012-02-06 12:53:03 -0700, Paul E Condon wrote:
> On 20120206_121205, Vincent Lefevre wrote:
> > On 2012-02-06 11:39:47 +0100, Erwan David wrote:
> > > On Mon, Feb 06, 2012 at 11:33:25AM CET, Vincent Lefevre <firstname.lastname@example.org> said:
> > > > On 2012-02-04 09:35:44 +0100, Sven Joachim wrote:
> > > > > Nope, this is the script that starts the ssh *server*. The agent is
> > > > > started in /etc/X11/Xsession.d/90x11-common_ssh-agent, sourced from
> > > > > /etc/X11/Xsession (see Xsession(5).
> > > >
> > > > But it shouldn't. It should be the user who decides whether he wants
> > > > to start ssh-agent (since it is a user process), not the admin.
> > >
> > > Not necessarily : the user uses it or not through ssh-add.
> > Yes, but ssh-agent is still started even if the user doesn't want it.
> > On my machine, it was interfering with my own system to automatically
> > start ssh-agent when needed (until I changed my config to kill this
> > ssh-agent).
> What config did you put you kill commands in? And what were those
> commands? I'm trying to understand how this thing works.
In my .xsession file, I have:
if [ -n "$SSH_AUTH_SOCK" ]; then
echo "\$SSH_AUTH_SOCK is '$SSH_AUTH_SOCK'" >&2
case "$SSH_AUTH_SOCK" in
echo "--> _call_sshagent already started." >&2 ;;
echo "--> ssh-agent started but useless; should be killed." >&2
eval `ssh-agent -k` >&2 ;;
If SSH_AUTH_SOCK is not set (which is the case when I use a display
manager such as gdm), the .xsession executes a zsh script that does
1. Register an SSH agent, setting SSH_AUTH_SOCK from a running agent
or starting one.
2. Start the window manager.
3. [When logging out from the X session] Deregister the SSH agent.
This way I have a unique SSH agent for all my sessions (X, SSH, screen),
which is killed when the last session quits.
Vincent Lefèvre <email@example.com> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)