Libguestfs - Jan 2016 - Re: v2v: error while killing ssh-agent after importing VM via xen+ssh

On 13.01.16 10:27, Richard W.M. Jones wrote:
> On Wed, Jan 13, 2016 at 09:55:53AM +0200, Shahar Havivi wrote:
> > Hi,
> > 
> > I am successfully importing VM from Xen server at oVirt project via
virt-v2v.
> > I am setting ssh-agent and running ssh-add before the import process,
> > after the import done I am trying to kill the agent via:
> > ssh-agent -k (and setting the SSH_AGENT_PID environment), but I get
the
> > following error:
> > kill: No such process
> > 
> > Can you please explain why there is no agent?
> 
> When you run:
> 
>    eval `ssh-agent`
I didn't run eval `ssh-agent` but ssh-agnet and then ssh-add (I needed the
SSH_AUTH_SOCK that return from ssh-agent since I am running two different
processes).
I guess I can read the environment SSH_AUTH_SOCK after run eval `ssh-agent`...

do you think there is a different between running with to without eval?
 
  Shahar.
> 
> ssh-agent starts up and creates several environment variables (which
> are added to the environment, because you use the eval `..`).
> In particular it sets SSH_AGENT_PID to its own PID.
> 
> ssh-agent -k is supposed to read SSH_AGENT_PID from the environment
> and kill the previously started ssh-agent process, basically killing
> that PID.
> 
> It works for me and for lots of other people, so I'm guessing you must
> either be running ssh-agent wrongly the first time, or getting the
> SSH_AGENT_PID environment variable mixed up somewhere.
> 
> > Do I need to delete the agent?
> 
> Not necessarily, but if you don't kill the agent then two bad things
> can happen: (1) You get lots of ssh-agent processes building up
> (2) The ssh-agent processes may be storing your unencrypted private
> keys.  Except that ...
> 
> > btw I am also running 'ssh-add -d' after the import process
with no problems.
> 
> ... ssh-add -d will remove the private key from the agent.  However
> the agent should still be running after this, so it would have no
> effect on whether ssh-agent -k would succeed.
> 
> Rich.
> 
> -- 
> Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-df lists disk usage of guests without needing to install any
> software inside the virtual machine.  Supports Linux and Windows.
> http://people.redhat.com/~rjones/virt-df/

On Wed, Jan 13, 2016 at 12:49:19PM +0200, Shahar Havivi
wrote:
> On 13.01.16 10:27, Richard W.M. Jones wrote:
> > When you run:
> > 
> >    eval `ssh-agent`
>
> I didn't run eval `ssh-agent` but ssh-agnet and then ssh-add (I
> needed the SSH_AUTH_SOCK that return from ssh-agent since I am
> running two different processes).
>
> I guess I can read the environment SSH_AUTH_SOCK after run eval
> `ssh-agent`...
>
> do you think there is a different between running with to without eval?
Yes - very different.  If you don't use the eval then no SSH_*
environment variables are set.

What probably happened just after that is you added the key to your X
session's ssh-agent -- most desktop session managers start an instance
of ssh-agent for you.

Another way to run ssh-agent which may be more appropriate for
scripting is:

  ssh-agent command args ...

which runs the command straight after and kills ssh-agent when the
command ends.  It would be tempting to run:

  ssh-agent virt-v2v ...

but that won't work because you still have to arrange for the ssh key
to be added to virt-v2v's instance of ssh-agent.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW

On 13.01.16 12:13, Richard W.M. Jones wrote:
> On Wed, Jan 13, 2016 at 12:49:19PM +0200, Shahar Havivi wrote:
> > On 13.01.16 10:27, Richard W.M. Jones wrote:
> > > When you run:
> > > 
> > >    eval `ssh-agent`
> >
> > I didn't run eval `ssh-agent` but ssh-agnet and then ssh-add (I
> > needed the SSH_AUTH_SOCK that return from ssh-agent since I am
> > running two different processes).
> >
> > I guess I can read the environment SSH_AUTH_SOCK after run eval
> > `ssh-agent`...
> >
> > do you think there is a different between running with to without
eval?
> 
> Yes - very different.  If you don't use the eval then no SSH_*
> environment variables are set.
Since I am not running the command in the same shell the environment in the
command that run the ssh-agent are not relevant,
I do set them when I run the next command ssh-add and later when I run
virt-v2v.
 
  Shahar.
> 
> What probably happened just after that is you added the key to your X
> session's ssh-agent -- most desktop session managers start an instance
> of ssh-agent for you.
> 
> Another way to run ssh-agent which may be more appropriate for
> scripting is:
> 
>   ssh-agent command args ...
> 
> which runs the command straight after and kills ssh-agent when the
> command ends.  It would be tempting to run:
> 
>   ssh-agent virt-v2v ...
> 
> but that won't work because you still have to arrange for the ssh key
> to be added to virt-v2v's instance of ssh-agent.
> 
> Rich.
> 
> -- 
> Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> Fedora Windows cross-compiler. Compile Windows programs, test, and
> build Windows installers. Over 100 libraries supported.
> http://fedoraproject.org/wiki/MinGW