openssh unix dev - Feb 2003 - [Bug 500] show how to start-up ssh-agent by default...

http://bugzilla.mindrot.org/show_bug.cgi?id=500





------- Additional Comments From djm at mindrot.org  2003-02-24 12:43 -------
I think that:

[ -z "$SSH_AUTH_SOCK" ] && eval `ssh-agent -s`
[ -z "$SSH_AGENT_PID" ] || ssh-add -l >/dev/null 2>&1 ||
ssh-add

Is as effective and a lot more concise. 

On the other hand, fragile heuristics like:
> export SSH_AUTH_SOCK=`ls /tmp/ssh-*/agent.$SSH_AUTH_PID`
have no place in our documentation.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500





------- Additional Comments From openssh at roumenpetrov.info  2003-02-24 22:36
-------
man ssh-agent:

NAME
     ssh-agent - authentication agent

SYNOPSIS
     ssh-agent [-a bind_address] [-c | -s] [-d] [command [args ...]]
[SNIP]


run commands:
mv .xsession .xsession-all
echo 'ssh-agent $HOME/.xsession-all' > .xsession
chmod +x .xsession

or edit global Xsession.

Tip:SuSe linux contain commented line like this:
SSH_AGENT=/usr/bin/ssh-agent
uncomment it and enjoy.








------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500

hauser at acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org



------- Additional Comments From hauser at acm.org  2003-02-24 23:28 -------
Damien,

Thanks for your hint. I put this into my ~/.bashrc file.
Unfortunately - being a cygwin user - variables set when opening my first cygwin
shell window are not visible to the overall win2k system.
===> when starting a second window by the cygwin provided desktop shortcuts
etc.
     (i.e. not out of the first cygwin window) a second ssh-agent will be 
     started. What do you suggest as the most robust/concise way to
     safely handle this case?

Thx Ralf



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500





------- Additional Comments From jmknoble at pobox.com  2003-02-25 08:38
-------
> when starting a second window by the cygwin provided desktop shortcuts etc.
> [...] a second ssh-agent will be started. 
 
http://freshmeat.net/projects/keychain/ 
 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500





------- Additional Comments From djm at mindrot.org  2003-02-25 09:56 -------
As I mentioned on the mailing list: use a single socket in a well-known place
(ssh-agent -a /path/to/socket). 

You could probably do something like:

SSH_AUTH_SOCK=/path/to/whereever
export SSH_AUTH_SOCK
[ -S $SSH_AUTH_SOCK ] || eval `ssh-agent -sa $SSH_AUTH_SOCK`

Then the first shell will start an agent which all others will use.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From djm at mindrot.org  2003-02-25 09:56 -------
I must mention that these help requests have no place in a bug tracking system.
Please direct further discussion to the mailing list openssh-unix-dev at
mindrot.org





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500

hauser at acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED



------- Additional Comments From hauser at acm.org  2003-03-06 01:12 -------
Damien,

Thanks for the hint. Unfortunately, your suggestion in
http://bugzilla.mindrot.org/show_bug.cgi?id=500#c5 appears not to work because
in my case, ssh-agent doesn't remove the SSH_AUTH_SOCK file when it
dies/gets
killed.
Thus, next time I log in (e.g. after a re-boot), the socket/file is still there,
but no ssh-agent available in memory nor will it be started.

It appears that 
<<SSH_AUTH_SOCK=/cygdrive/c/Data/temp/ssh_auth_sock
SSH_AGENT_RUNNING=`ps x | grep 'ssh-agent' |grep -v grep`
if [ "$SSH_AGENT_RUNNING" = "" ]; then
  rm $SSH_AUTH_SOCK
fi
export SSH_AUTH_SOCK
[ -S $SSH_AUTH_SOCK ] || eval `ssh-agent -sa $SSH_AUTH_SOCK`
[ -z "$SSH_AGENT_PID" ] || ssh-add -l >/dev/null 2>&1 ||
ssh-add>>
is working.

Furthermore, I am confused that you discarded this documentation enhancement
suggestion as "invalid".
To me, it appears that you have built an outstanding software with OpenSSH, but
for a JoeAnyUser like myself, it is overly hard to get started with it.
Assuming that you and your community do care about improving the daily security
practices and behaviour of the average users out there, I contend that improving
the documentation is by far the cheapest approach to boost more widespread
adoption of this wonderful product.
In this light, I also suggest not to discard simple and really cheap to
implement convenience features to the website such as a search function (see
http://bugzilla.mindrot.org/show_bug.cgi?id=478) - for us JoeAnyUsers, things
like that matter!

Anyway, once I get around it to convert my ssh-agent man-page extension
suggestion from html to troff's *.1
(http://bugzilla.mindrot.org/show_bug.cgi?id=481), I'll mention the
conclusion
of this discussion here too and I hope not to delay/bore the experts too much
with that    :)

Ralf



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500





------- Additional Comments From djm at mindrot.org  2003-03-06 09:26 -------
The socket should disappear after the server stops listening, if this isn't
the
case you should chase it up with the cygwin people.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500





------- Additional Comments From markus at openbsd.org  2003-03-06 09:52 -------
the agent's cleanup_socket() should handle this.

unless you kill -9....



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=500

hauser at acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vinschen at redhat.com



------- Additional Comments From hauser at acm.org  2003-03-06 17:14 -------
Thx for the hints, in this case, unfortunately shutdown/restart of win2k appear
to be equivalent to "kill -9" for the cygwin version of ssh-agent ...



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.