
Re: *Now* what is starting ssh-agent?



On Thu, Jul 28, 2022 at 10:34:50AM -0300, Chris Mitchell wrote:
> From the output of systemd-cgls I see that the rogue ssh-agent process
> is part of the .scope CGroup corresponding to my X login session.
> 
> # systemctl status session-8.scope
> ● session-8.scope - Session 8 of User chris
>      Loaded: loaded (/run/systemd/transient/session-8.scope; transient)
>   Transient: yes
>      Active: active (running) since Thu 2022-07-28 08:59:48 ADT; 25min ago
>       Tasks: 254
>      Memory: 957.6M
>         CPU: 2min 5.903s
>      CGroup: /user.slice/user-1000.slice/session-8.scope
>              ├─ 7588 lightdm --session-child 14 23
>              ├─ 7625 xfce4-session
>              ├─ 7687 /usr/bin/ssh-agent -s
>              etc.

Looks like it's coming from login stuff, somehow.

Curious, I looked at my own session.

unicorn:~$ ps -ef | grep ssh-agent
greg         956     912  0 Jul09 ?        00:00:04 /usr/bin/ssh-agent /home/greg/.xsession
greg         968       1  0 Jul09 ?        00:00:00 ssh-agent -s
greg     1510760     984  0 10:24 pts/2    00:00:00 grep ssh-agent

unicorn:~$ systemctl status session-1.scope
● session-1.scope - Session 1 of user greg
     Loaded: loaded (/run/systemd/transient/session-1.scope; transient)
  Transient: yes
     Active: active (running) since Sat 2022-07-09 08:23:23 EDT; 2 weeks 5 days>
      Tasks: 1176
     Memory: 9.7G
        CPU: 1w 5d 8h 51min 25.285s
     CGroup: /user.slice/user-1000.slice/session-1.scope
             ├─    697 /bin/login -p --
             ├─    856 -bash
             ├─    871 /bin/sh /usr/bin/startx
             ├─    893 xinit /etc/X11/xinit/xinitrc -- /etc/X11/xinit/xserverrc>
             ├─    894 /usr/lib/xorg/Xorg -nolisten tcp :0 vt1 -keeptty -auth />
             ├─    912 /bin/bash /home/greg/.xsession
             ├─    956 /usr/bin/ssh-agent /home/greg/.xsession
             ├─    968 ssh-agent -s
             ├─    971 rxvt -font 7x13 -geometry 80x24+0+116
             [...]

My .xsession file contains only this line concerning ssh-agent:

hash ssh-agent 2>/dev/null && eval "$(ssh-agent -s)"

So... in my case... "ssh-agent -s" (PID 968) is the one I requested.  What
is the *other* one, PID 956?  It's a child of 912 (shown earlier), so
let's trace that back:

unicorn:~$ ps -fp 912
UID          PID    PPID  C STIME TTY          TIME CMD
greg         912     893  0 Jul09 tty1     00:00:00 /bin/bash /home/greg/.xsessi
unicorn:~$ ps -fp 893
UID          PID    PPID  C STIME TTY          TIME CMD
greg         893     871  0 Jul09 tty1     00:00:00 xinit /etc/X11/xinit/xinitrc

/etc/X11/xinit/xinitrc is a shell script that contains only one non-comment
line:

. /etc/X11/Xsession

Looking for related stuff:

unicorn:~$ grep -r ssh-agent /etc/X11/Xsession*
/etc/X11/Xsession.d/90x11-common_ssh-agent:# $Id: 90x11-common_ssh-agent 305 2005-07-03 18:51:43Z dnusinow $
/etc/X11/Xsession.d/90x11-common_ssh-agent:SSHAGENT=/usr/bin/ssh-agent
/etc/X11/Xsession.d/90x11-common_ssh-agent:if has_option use-ssh-agent; then
/etc/X11/Xsession.d/90x11-common_ssh-agent:    if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
/etc/X11/Xsession.d/90x11-common_ssh-agent:      # use ssh-agent2's ssh-agent1 compatibility mode
/etc/X11/Xsession.options:use-ssh-agent

So, I suppose Debian is starting this ssh-agent via its Xsession even
though I have my own .xsession file which is starting my own instance of
ssh-agent.

I guess you've already disabled that one...?

Anyway, your login is completely different from mine (you're using lightdm,
while I'm using a console login and startx), so you'll have to pursue your
own investigation from here.

Given the order of the processes shown in your session-8, it looks like
it might be an XFCE thing.  Maybe start there?  I can't help you with
that, though.
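
The parent-chain tracing done by hand above with repeated `ps -fp`, as an added example that is not part of the original message: it walks every ancestor of each ssh-agent in a `ps` snapshot. The function names `ancestry` and `agents` are hypothetical, and the sample snapshot is constructed from the listings above (the parent PIDs of 871, 856 and 697 are assumed).

```shell
#!/bin/sh
# Added example: find who started each ssh-agent by walking its parent chain.
# Input format is "PID PPID COMMAND...", as printed by: ps -eo pid=,ppid=,args=

# Constructed sample modeled on the listings in the message. The parent PIDs
# of 871, 856 and 697 are assumptions; the message does not show them.
SAMPLE='697 1 /bin/login -p --
856 697 -bash
871 856 /bin/sh /usr/bin/startx
893 871 xinit /etc/X11/xinit/xinitrc
912 893 /bin/bash /home/greg/.xsession
956 912 /usr/bin/ssh-agent /home/greg/.xsession
968 1 ssh-agent -s'

# ancestry PID: read a snapshot on stdin and print "PID COMMAND" for PID and
# each ancestor, child first. Stops at a PID missing from the snapshot or
# when a PID repeats (guards against a malformed snapshot).
ancestry() {
    awk -v start="$1" '
        {
            pid = $1; ppid[pid] = $2
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]*/, "")   # keep only the command
            cmd[pid] = $0
        }
        END {
            for (p = start; (p in cmd) && !(p in seen); p = ppid[p]) {
                seen[p] = 1
                print p, cmd[p]
            }
        }'
}

# agents: print the PID of every process whose executable is named ssh-agent,
# with or without a leading path.
agents() {
    awk '{ n = split($3, a, "/"); if (a[n] == "ssh-agent") print $1 }'
}

# Demo on the constructed sample. On a live system, feed both functions
# from "ps -eo pid=,ppid=,args=" instead.
for pid in $(printf '%s\n' "$SAMPLE" | agents); do
    echo "== ssh-agent $pid"
    printf '%s\n' "$SAMPLE" | ancestry "$pid"
done
```

For PID 968 the chain ends at once because its parent is 1, as in the `ps -ef` output above; for a process like that, the session cgroup listing is the remaining clue to where it was launched.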

