I've noticed a problem in the openssh sources. It can most easily be replicated as follows:

> [rich at goblin] sl=1 ~
> 01:05:47$ ssh-agent -a ~/.ssh/agent.sock
> SSH_AUTH_SOCK=/home/rich/.ssh/agent.sock; export SSH_AUTH_SOCK;
> SSH_AGENT_PID=553; export SSH_AGENT_PID;
> echo Agent pid 553;
>
> [rich at goblin] sl=1 ~
> 01:05:50$ ssh-agent -a ~/.ssh/agent.sock
> bind: Address already in use
>
> [rich at goblin] sl=1 ~
> 01:05:53$ ssh-agent -a ~/.ssh/agent.sock
> SSH_AUTH_SOCK=/home/rich/.ssh/agent.sock; export SSH_AUTH_SOCK;
> SSH_AGENT_PID=558; export SSH_AGENT_PID;
> echo Agent pid 558;

The first ssh-agent survives the ordeal, but finds itself unreachable, and without purpose.

I would suggest a couple of changes:

1) unless bind has been successful, don't unlink the socket.

2) teach ssh-agent to either die or rebind if his socket disappears. my pref would probably be death, as I find it more elegant than killing it with ssh-agent -k.

The first probably wise for good manners, even though the second will solve the problem. note that:

> su
> ssh-agent -a /etc/passwd

would probably have unpleasant repercussions.

Rich wrote:

> The first ssh-agent survives the ordeal, but finds itself unreachable,
> and without purpose.
>
> I would suggest a couple of changes:
>
> 1) unless bind has been successful, don't unlink the socket.

Yes, I agree. Patch attached.

> 2) teach ssh-agent to either die or rebind if his socket disappears.
> my pref would probably be death, as I find it more elegant than
> killing it with ssh-agent -k.

I don't think it can easily tell if its socket has been unlinked. It is probably unnecessary if 1 is done anyway.

> The first probably wise for good manners, even though the second will
> solve the problem. note that:
>
>>su
>>ssh-agent -a /etc/passwd
>
> would probably have unpleasant repercussions.

so would "rm -f /etc/passwd", so I think this falls into the case of "don't do that" :)

-d

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: agentunlink.diff
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041004/ef124527/attachment.ksh
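
The first suggested change, sketched as an added example (this is not OpenSSH's code and not the attached agentunlink.diff): the exit path unlinks the socket only when this process's own bind() succeeded. The function names and the /tmp path are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a UNIX socket at path; returns fd or -1. *owned is set only after bind() succeeds. */
static int agent_bind(const char *path, int *owned)
{
    struct sockaddr_un sa;
    int fd;
    *owned = 0;
    if (strlen(path) >= sizeof(sa.sun_path)) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);             /* length checked above */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);                         /* e.g. EADDRINUSE: not our socket */
        return -1;
    }
    *owned = 1;                            /* we created the path, we may remove it */
    return fd;
}

/* Exit-path cleanup: unlink only a socket this process bound itself. */
static void agent_cleanup(const char *path, int owned)
{
    if (owned)
        unlink(path);
}

/* Replays the report; returns 1 if the first socket outlives the failed second start. */
static int first_socket_survives(void)
{
    char path[64];
    struct stat st;
    int own1, own2, fd1, fd2, ok;
    snprintf(path, sizeof(path), "/tmp/agent-demo.%ld.sock", (long)getpid());
    fd1 = agent_bind(path, &own1);         /* first instance: succeeds */
    fd2 = agent_bind(path, &own2);         /* second: bind: Address already in use */
    agent_cleanup(path, own2);             /* failed instance exits, must not unlink */
    ok = fd1 >= 0 && fd2 < 0 && stat(path, &st) == 0;
    agent_cleanup(path, own1);             /* first instance exits, removes its own socket */
    if (fd1 >= 0) close(fd1);
    return ok;
}
```

With an unconditional unlink() in the cleanup step, the stat() check would fail after the second start, which is the unreachable-agent state shown in the report.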