*Now* what is starting ssh-agent?
Hi all,
I have my own systemd "user" .service unit that I like to use to start
ssh-agent the way I want it started, which works fine… except for the
neverending game of whack-a-mole tracking down and disabling various
legacy workarounds that go ahead and start ssh-agent unasked (or
emulate it, poorly, like gnome-keyring) and clobber my SSH_AUTH_SOCK
env-var.
Here's my service file:
$ cat /etc/systemd/user/ssh-agent.service
[Unit]
Description=SSH key agent
[Service]
Type=exec
# %t resolves to XDG_RUNTIME_DIR; see SPECIFIERS section in systemd.unit(5)
ExecStart=/usr/bin/ssh-agent -D -a "%t/ssh-agent.socket"
[Install]
WantedBy=default.target
Sure enough, on a current laptop running Bookworm, even though I have
that service enabled and running, and I've gone through my list of
things to disable, there's a superfluous ssh-agent process running with
the default randomized socket location, and SSH_AUTH_SOCK has been
clobbered to point at that.
Here's what I know so far:
$ env | grep -i ssh
SSH_AUTH_SOCK=/tmp/ssh-XXXXXXZAaNOY/agent.3010
SSH_AGENT_PID=3011
$ ps ax | grep 3011
3011 ? Ss 0:00 /usr/bin/ssh-agent -s
$ pstree -ps 3011
systemd(1)───ssh-agent(3011)
Here I get confused. The path shown by ps rules out the possibility
that it's some other utility pretending to be ssh-agent. Unless I'm
mistaken, that pstree result indicates that this ssh-agent process was
started by systemd, but:
$ grep -rl ssh-agent /usr/lib/systemd/
/usr/lib/systemd/user-environment-generators/90gpg-agent
/usr/lib/systemd/user/gpg-agent-ssh.socket
/usr/lib/systemd/user/ssh-agent.service
Even though gpg-agent is running, I think it can be ignored because:
* it wouldn't show up in ps as "/usr/bin/ssh-agent",
* that environment generator only sets the SSH_AUTH_SOCK env-var if
"enable-ssh-support" is enabled per "gpgconf --list-options
gpg-agent", which it is not, and
* those two ssh-related env-vars don't match gpg-agent's PID or
ssh-agent-socket path.
And /usr/lib/systemd/user/ssh-agent.service is not the culprit, because:
* /etc/systemd/user/ssh-agent.service has a higher priority, which
causes systemd to ignore the one under /usr/lib/, and
* /usr/lib/systemd/user/ssh-agent.service uses the socket location
"$XDG_RUNTIME_DIR/openssh_agent"
Continuing the search:
$ grep -rl ssh-agent /etc/systemd/
Returns one hit, which is my custom service file as shown above.
$ grep -rl ssh-agent ~/.config/systemd/
Returns nothing, unsurprisingly.
Things that are already disabled:
* gnome-keyring is not installed
* /etc/X11/Xsession.options option use-ssh-agent is commented out
* XFCE4's "Application Autostart" config has no entry for ssh-agent
* XFCE4's "Launch GNOME services on startup" is disabled (If enabled,
this option launches gnome-keyring if available, which by default
would emulate ssh-agent and clobber the env-var)
* $ grep -rl ssh-agent ~/.config/autostart/ returns nothing, as expected
Anyone got any idea where I should look next to identify what's
actually starting that rogue ssh-agent process & clobbering my env-var,
and prevent it from doing so?
Cheers!
-Chris
PS. Please keep all replies on-list, thanks!
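A diagnostic for the situation described in the post above, added here as an example and not part of Chris's message: a daemonised ssh-agent (started without -D) is reparented to PID 1, so pstree shows systemd(1) as its parent regardless of who launched it, whereas /proc/PID/cgroup still records the systemd unit or login-session scope the process belongs to. The helper names (cgroup_unit, classify, agent_origin) and the sample cgroup lines are constructed for this example.

```shell
#!/bin/sh
# Added example (hypothetical helpers): locate which systemd unit a process
# lives in by reading its cgroup v2 line, e.g. from /proc/PID/cgroup.
# A ssh-agent.service unit means systemd started it from a unit file;
# a session-N.scope means it came from the login session (Xsession, an
# autostart script, a shell rc file), not from a unit.

# cgroup_unit LINE -> prints the innermost *.service / *.scope on the path
cgroup_unit() {
    path=${1#*::}            # strip the "0::" (cgroup v2) prefix
    unit=""
    old_ifs=$IFS
    IFS=/
    for part in $path; do
        case "$part" in
            *.service|*.scope) unit=$part ;;   # keep the last match
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$unit"
}

# classify UNIT -> "service", "session", or "unknown"
classify() {
    case "$1" in
        session-*.scope) echo session ;;
        *.service)       echo service ;;
        *)               echo unknown ;;
    esac
}

# agent_origin PID -> "<unit> (<class>)" for a live process (e.g. $SSH_AGENT_PID)
agent_origin() {
    line=$(cat "/proc/$1/cgroup" 2>/dev/null) ||
        { echo "no such pid: $1" >&2; return 1; }
    unit=$(cgroup_unit "$line")
    printf '%s (%s)\n' "${unit:-none}" "$(classify "$unit")"
}

# Constructed sample lines showing the two outcomes that matter here.
SAMPLE_UNIT='0::/user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service'
SAMPLE_SESSION='0::/user.slice/user-1000.slice/session-2.scope'
cgroup_unit "$SAMPLE_UNIT"      # ssh-agent.service
cgroup_unit "$SAMPLE_SESSION"   # session-2.scope
```

On a live system the same lookup is available as `systemctl --user status "$SSH_AGENT_PID"`, which prints the owning unit or scope; a session scope points back at something run from the login session rather than any unit file.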