Hi All...

I believe I found a small bug in the latest keychain. For Cygwin, keychain now does a
"ps -e -u <username> -f" to look for ssh-agent processes...I believe it should be a
"ps -u <username> -f" instead.


The reason is as follows...the -e shows processes for all users. If multiple users have ssh-agent
processes hanging around, keychain can find the wrong one and this produces some strange
results. I may be the only one to see this because ssh-agent processes don't usually survive
a logoff. I launch keychain from a service for each user (that wants the feature) so that the
agent stays around for multiple logon/off sessions...that way, they live until the next reboot.


The attached patch file removes the -e option and also creates a third output file in the
.keychain directory. The new file is ~/.keychain/${HOSTNAME}.cmd so that programs
launched from a Windows command shell can also use keychain.


The second attachment is a script to launch keychain as a service for those interested in
surviving multiple logon/off sessions. Just use it to create a service for each user that wants
the feature. The service only sets up the ssh-agent. The keys are loaded from the .profile
and the passphrase(s) are entered then.


Thanks,

...Karl


From: Hack Kampbjorn <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [ANNOUNCEMENT] Updated: keychain-2.0.3-1
Date: Tue, 25 Nov 2003 01:18:45 +0100

Steven Woody wrote:
already have ssh-agent + ssh-add, why people need keychain?

keychain is just a script around ssh-agent and ssh-add, you don't get any
functionality you can achieve with some little scripting using ssh-agent and
ssh-add directly.


If all you ever do with ssh-agent is `eval $(ssh-agent)` and you don't get
orphan agent in ps. Try `ps -e -u $(whoami) -f` do you have more than one
ssh-agent? If so take a look at keychain it will help you to kill all orphan
agent and only start one no matter how many times you log in.


I'm continually opening rxvt windows and closing them, before I used keychain I
easily ended up with 10 agents or more (even if I stopped the agent in the
logout script). I was about to add some ssh-agent logic to my profile but it was
easier (and faster) to make a cygwin package for keychain and change two lines
in my .bash_profile (which I use on cygwin, linux, and *BSD, it should also work on AIX, SunOS, Solaris, HP/UX ...).


http://www.gentoo.org/proj/en/keychain.xml

--
Med venlig hilsen / Kind regards

Hack Kampbjørn


-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/


--- /bin/keychain       2003-11-22 10:40:13.001000000 -0800
+++ ./keychain  2003-11-27 18:12:07.043715000 -0800
@@ -212,16 +212,17 @@
# .ssh-agent file with csh-compatible syntax. lockf is the lockfile, used
# to serialize the execution of multiple ssh-agent processes started
# simultaneously (only works if lockfile from the procmail package is
# available.

hostname=`uname -n`
pidf="${keydir}/${hostname}-sh"
cshpidf="${keydir}/${hostname}-csh"
+cmdpidf="${keydir}/${hostname}.cmd"
lockf="${keydir}/${hostname}-lock"

if [ -f ${keydir} ]
then
echo "$0: ${keydir} is a file (it should be a directory;) please fix."
exit 1
#Solaris 9 doesn't have -e; using -d....
elif [ ! -d ${keydir} ]
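Review bot: cmdpidf is defined unconditionally next to pidf and cshpidf, so the .cmd file becomes part of keychain's state on every platform rather than only where a Windows command shell exists. Consider setting it only when "$cygwin" = "yes" and guarding its later uses on that. The comment block above the assignments still describes only the sh and csh files and the lockfile; it should mention the new file and who is expected to read it.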
@@ -245,17 +246,17 @@
echo $E "${GREEN}KeyChain ${version}; ${BLUE}http://www.gentoo.org/projects/keychain${OFF}";
echo $E " Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL"
fi


me=`whoami`
if [ "$cygwin" = "yes" ]
then
#for cygwin
- psopts="-e -u $me -f"
+ psopts="-u $me -f"
grepopts="-i"
elif [ "$hpux" = "yes" ]
then
#for hp-ux
psopts="-u $me -f"
else
psopts="FAIL"
#-x option needed on MacOS X, but just in case it doesn't work on other arches we have a "-u $me -f"
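Review bot: the "#for cygwin" comment on the changed psopts line does not say why -e has to stay out, and the value is now identical to the hp-ux branch below it. Add a short comment that -e lists every user's processes, so the ssh-agent lookup must be limited with "-u $me", otherwise a later cleanup can easily put the flag back. If the two branches really need the same options, the only remaining Cygwin-specific setting visible here is grepopts="-i".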
@@ -285,17 +286,17 @@
set $mypids
mypids=$2
fi


if [ "$myaction" = "stop" ]
then
# --stop tells keychain to kill the existing ssh-agent(s), then exit
kill $mypids > /dev/null 2>&1
- rm -f "${pidf}" "${cshpidf}" "$lockf" 2> /dev/null
+ rm -f "${pidf}" "${cshpidf}" "${cmdpidf}" "$lockf" 2> /dev/null
#`whoami` (rather than the $LOGNAME var) gives us the euid rather than the uid (what we want)
if [ -z "$quietopt" ]
then
echo $E " ${GREEN}*${OFF} All ssh-agent(s) started by" `whoami` "are now stopped."
echo
fi
exit 0
fi
@@ -340,25 +341,29 @@
fi
if [ -z "$quietopt" ]
then
echo $E " ${GREEN}*${OFF} All previously running ssh-agent(s) have been stopped."
echo $E " ${GREEN}*${OFF} Initializing ${pidf} file..."
fi


# "> pidf" doesn't work ash. But it should work with any sh-compatible shell
- > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
+ > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; }
[ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Initializing ${cshpidf} file..."
- > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
- chmod 0600 "$pidf" "$cshpidf"
+ > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; }
+ [ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Initializing ${cmdpidf} file..."
+ > "$cmdpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; }
+ chmod 0600 "$pidf" "$cshpidf" "$cmdpidf"
[ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Starting new ssh-agent"
nohup ssh-agent -s | grep -v 'Agent pid' > "$pidf"
. "$pidf"
echo "setenv $SSH_AUTH_SOCK_NAME $SSH_AUTH_SOCK;" > "$cshpidf"
echo "setenv $SSH_AGENT_PID_NAME $SSH_AGENT_PID;" >> "$cshpidf"
+ echo "@set $SSH_AUTH_SOCK_NAME=$SSH_AUTH_SOCK" > "$cmdpidf"
+ echo "@set $SSH_AGENT_PID_NAME=$SSH_AGENT_PID" >> "$cmdpidf"
fi


if [ -n "$clearopt" ]
then
        echo $E " ${GREEN}*${OFF} \c"
        ssh-add -D
fi
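Review bot: the failure message on the new `> "$cmdpidf"` line still says "Cannot create ${cshpidf}", copied from the line above it; it should name ${cmdpidf} so the user sees which file could not be written. The two "@set" lines also write $SSH_AUTH_SOCK and $SSH_AGENT_PID exactly as they were written to the csh file, unquoted and with no check on "$cygwin" in the visible lines, so the .cmd file is produced wherever this branch runs; a guard on the Cygwin case would keep it off other platforms.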


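#!/bin/bash
# keychain-service-install service-name user-name
# Installs keychain as a Cygwin service (via cygrunsrv) that runs as the given
# user, so that user's ssh-agent stays alive across logon/logoff sessions.

if [ -z "$1" ]; then
 echo "No service name"
 exit 1
fi

if [ -z "$2" ]; then
 echo "No user name"
 exit 1
fi

# Remove any earlier instance first; errors here are expected when the
# service does not exist yet.
echo "Stopping and removing old keychain service"
cygrunsrv --stop "$1"
cygrunsrv --remove "$1"

# The service only starts the agent (--noask); keys are added later from .profile.
echo "Installing new keychain service"
cygrunsrv --install "$1" \
 --args '/bin/keychain --noask --quiet' \
 --dep 'OpenSSH' \
 --disp "KeyChain $2" \
 --desc "Creates a keychain (ssh-agent) process for $2." \
 --path '/bin/bash' \
 --user "$2"

echo "User $2 requires the Log on as a Service right"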
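
The wrong-agent selection described in the message above (a process listing that covers every user), shown as an added example that is not part of the original post or of keychain itself. The ps output is constructed, the column layout (UID PID PPID TTY STIME COMMAND with a single-token STIME) is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of a "ps -e -f"-style listing; not captured from a real host.
# Assumed columns: UID PID PPID TTY STIME COMMAND (STIME as one token).
SAMPLE_PS='     UID     PID    PPID TTY     STIME COMMAND
   alice    1204       1 ?    10:02:11 /usr/bin/ssh-agent
     bob    1380       1 ?    10:05:42 /usr/bin/ssh-agent
     bob    2216    2100 con  11:17:03 /usr/bin/bash
     bob    2290    2216 con  11:18:40 /usr/bin/grep ssh-agent'

# Selection by name only: take the PID (field 2) of the first line that
# mentions ssh-agent. When the listing covers all users, the result depends
# on listing order, not on who is asking.
naive_agent_pid() {
    printf '%s\n' "$SAMPLE_PS" | grep -i 'ssh-agent' | grep -v grep \
        | head -n 1 | awk '{print $2}'
}

# Owner-checked selection: the UID column must equal the requested user and
# the command basename must be exactly ssh-agent, so neither another user's
# agent nor a "grep ssh-agent" process is ever returned.
owned_agent_pids() {
    user=$1
    printf '%s\n' "$SAMPLE_PS" | awk -v u="$user" '
        NR > 1 && $1 == u {
            n = split($6, parts, "/")
            if (parts[n] == "ssh-agent") print $2
        }'
}

echo "name-only match:   $(naive_agent_pid)"
echo "agents owned by bob: $(owned_agent_pids bob)"
```

Run as bob, the name-only match returns alice's agent, which is the mix-up the message reports; the owner-checked version returns only bob's PID and nothing at all for a user with no agent.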

