Re: *Now* what is starting ssh-agent?
On Thu, Jul 28, 2022 at 10:34:50AM -0300, Chris Mitchell wrote:
> From the output of systemd-cgls I see that the rogue ssh-agent process
> is part of the .scope CGroup corresponding to my X login session.
>
> # systemctl status session-8.scope
> ● session-8.scope - Session 8 of User chris
> Loaded: loaded (/run/systemd/transient/session-8.scope; transient)
> Transient: yes
> Active: active (running) since Thu 2022-07-28 08:59:48 ADT; 25min
> ago Tasks: 254
> Memory: 957.6M
> CPU: 2min 5.903s
> CGroup: /user.slice/user-1000.slice/session-8.scope
> ├─ 7588 lightdm --session-child 14 23
> ├─ 7625 xfce4-session
> ├─ 7687 /usr/bin/ssh-agent -s
> etc.
Looks like it's coming from login stuff, somehow.
Curious, I looked at my own session.
unicorn:~$ ps -ef | grep ssh-agent
greg 956 912 0 Jul09 ? 00:00:04 /usr/bin/ssh-agent /home/greg/.xsession
greg 968 1 0 Jul09 ? 00:00:00 ssh-agent -s
greg 1510760 984 0 10:24 pts/2 00:00:00 grep ssh-agent
unicorn:~$ systemctl status session-1.scope
● session-1.scope - Session 1 of user greg
Loaded: loaded (/run/systemd/transient/session-1.scope; transient)
Transient: yes
Active: active (running) since Sat 2022-07-09 08:23:23 EDT; 2 weeks 5 days>
Tasks: 1176
Memory: 9.7G
CPU: 1w 5d 8h 51min 25.285s
CGroup: /user.slice/user-1000.slice/session-1.scope
├─ 697 /bin/login -p --
├─ 856 -bash
├─ 871 /bin/sh /usr/bin/startx
├─ 893 xinit /etc/X11/xinit/xinitrc -- /etc/X11/xinit/xserverrc>
├─ 894 /usr/lib/xorg/Xorg -nolisten tcp :0 vt1 -keeptty -auth />
├─ 912 /bin/bash /home/greg/.xsession
├─ 956 /usr/bin/ssh-agent /home/greg/.xsession
├─ 968 ssh-agent -s
├─ 971 rxvt -font 7x13 -geometry 80x24+0+116
[...]
My .xsession file contains only this line concerning ssh-agent:
hash ssh-agent 2>/dev/null && eval "$(ssh-agent -s)"
So... in my case... "ssh-agent -s" (PID 968) is the one I requested. What
is the *other* one, PID 956? It's a child of 912 (shown earlier), so
let's trace that back:
unicorn:~$ ps -fp 912
UID PID PPID C STIME TTY TIME CMD
greg 912 893 0 Jul09 tty1 00:00:00 /bin/bash /home/greg/.xsessi
unicorn:~$ ps -fp 893
UID PID PPID C STIME TTY TIME CMD
greg 893 871 0 Jul09 tty1 00:00:00 xinit /etc/X11/xinit/xinitrc
/etc/X11/xinit/xinitrc is a shell script that contains only one non-comment
line:
. /etc/X11/Xsession
Looking for related stuff:
unicorn:~$ grep -r ssh-agent /etc/X11/Xsession*
/etc/X11/Xsession.d/90x11-common_ssh-agent:# $Id: 90x11-common_ssh-agent 305 2005-07-03 18:51:43Z dnusinow $
/etc/X11/Xsession.d/90x11-common_ssh-agent:SSHAGENT=/usr/bin/ssh-agent
/etc/X11/Xsession.d/90x11-common_ssh-agent:if has_option use-ssh-agent; then
/etc/X11/Xsession.d/90x11-common_ssh-agent: if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
/etc/X11/Xsession.d/90x11-common_ssh-agent: # use ssh-agent2's ssh-agent1 compatibility mode
/etc/X11/Xsession.options:use-ssh-agent
So, I suppose Debian is starting this ssh-agent via its Xsession even
though I have my own .xsession file which is starting my own instance of
ssh-agent.
I guess you've already disabled that one...?
Anyway, your login is completely different from mine (you're using lightdm,
while I'm using a console login and startx), so you'll have to pursue your
own investigation from here.
Given the order of the processes shown in your session-8, it looks like
it might be an XFCE thing. Maybe start there? I can't help you with
that, though.
Reply to: