Mail Archives: cygwin/2003/11/27/21:51:12
Hi All...

I believe I found a small bug in the latest keychain. For Cygwin, keychain now does a "ps -e -u <username> -f" to look for ssh-agent processes...I believe it should be a "ps -u <username> -f" instead.

The reason is as follows...the -e shows processes for all users. If multiple users have ssh-agent processes hanging around, keychain can find the wrong one and this produces some strange results. I may be the only one to see this because ssh-agent processes don't usually survive a logoff. I launch keychain from a service for each user (that wants the feature) so that the agent stays around for multiple logon/off sessions...that way, they live until the next reboot.

The attached patch file removes the -e option and also creates a third output file in the .keychain directory. The new file is ~/.keychain/${HOSTNAME}.cmd so that programs launched from a Windows command shell can also use keychain.

The second attachment is a script to launch keychain as a service for those interested in surviving multiple logon/off sessions. Just use it to create a service for each user that wants the feature. The service only sets up the ssh-agent. The keys are loaded from the .profile and the passphrase(s) are entered then.

Thanks,
...Karl

>From: Hack Kampbjorn <cygwin AT hack DOT kampbjorn DOT com>
>Reply-To: cygwin AT cygwin DOT com
>To: cygwin AT cygwin DOT com
>Subject: Re: [ANNOUNCEMENT] Updated: keychain-2.0.3-1
>Date: Tue, 25 Nov 2003 01:18:45 +0100
>
>Steven Woody wrote:
>>already have ssh-agent + ssh-add, why people need keychain?
>
>keychain is just a script around ssh-agent and ssh-add, you don't get any
>functionality you can achieve with some little scripting using ssh-agent and
>ssh-add directly.
>
>If all you ever do with ssh-agent is `eval $(ssh-agent)` and you don't get
>orphan agent in ps. Try `ps -e -u $(whoami) -f` do you have more than one
>ssh-agent? If so take a look at keychain it will help you to kill all orphan
>agent and only start one no matter how many times you log in.
>
>I'm continually opening rxvt windows and closing them, before I used keychain I
>easily ended up with 10 agents or more (even if I stopped the agent in the
>logout script). I was about to add some ssh-agent logic to my profile but it was
>easier (and faster) to make a cygwin package for keychain and change two lines
>in my .bash_profile (which I use on cygwin, linux, and *BSD, it should also
>work on AIX, SunOS, Solaris, HP/UX ...).
>
>http://www.gentoo.org/proj/en/keychain.xml
>
>--
>Med venlig hilsen / Kind regards
>
>Hack Kampbjørn
>
>
>--
>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>Problem reports: http://cygwin.com/problems.html
>Documentation: http://cygwin.com/docs.html
>FAQ: http://cygwin.com/faq/
>
------=_NextPart_000_549f_31f0_2407
Content-Type: text/plain; name="keychain-patch"; format=flowed
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="keychain-patch"
--- /bin/keychain 2003-11-22 10:40:13.001000000 -0800
+++ ./keychain 2003-11-27 18:12:07.043715000 -0800
@@ -212,16 +212,17 @@
# .ssh-agent file with csh-compatible syntax. lockf is the lockfile, used
# to serialize the execution of multiple ssh-agent processes started
# simultaneously (only works if lockfile from the procmail package is
# available.
hostname=`uname -n`
pidf="${keydir}/${hostname}-sh"
cshpidf="${keydir}/${hostname}-csh"
+cmdpidf="${keydir}/${hostname}.cmd"
lockf="${keydir}/${hostname}-lock"
if [ -f ${keydir} ]
then
echo "$0: ${keydir} is a file (it should be a directory;) please fix."
exit 1
#Solaris 9 doesn't have -e; using -d....
elif [ ! -d ${keydir} ]
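Review bot: The comment block above these assignments describes the sh and csh files and the lockfile, but it is not updated for the new cmdpidf, so nothing in the script says what the .cmd file holds or who reads it. Add a sentence there stating that it carries the same two variables in Windows command-shell syntax, and mention that the .cmd extension (where the other files use a -sh/-csh suffix) is deliberate.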
@@ -245,17 +246,17 @@
echo $E "${GREEN}KeyChain ${version};
${BLUE}http://www.gentoo.org/projects/keychain${OFF}"
echo $E " Copyright 2002 Gentoo Technologies, Inc.; Distributed under the
GPL"
fi
me=`whoami`
if [ "$cygwin" = "yes" ]
then
#for cygwin
- psopts="-e -u $me -f"
+ psopts="-u $me -f"
grepopts="-i"
elif [ "$hpux" = "yes" ]
then
#for hp-ux
psopts="-u $me -f"
else
psopts="FAIL"
#-x option needed on MacOS X, but just in case it doesn't work on other
arches we have a "-u $me -f"
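Review bot: The new psopts line in the Cygwin branch needs a comment saying why -e is left out, since the flag is easy to put back later: with -e the listing covers every user, so the ssh-agent that gets matched can belong to someone else. With this change the Cygwin and HP-UX branches set an identical psopts and differ only in grepopts, so the two assignments could be shared.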
@@ -285,17 +286,17 @@
set $mypids
mypids=$2
fi
if [ "$myaction" = "stop" ]
then
# --stop tells keychain to kill the existing ssh-agent(s), then exit
kill $mypids > /dev/null 2>&1
- rm -f "${pidf}" "${cshpidf}" "$lockf" 2> /dev/null
+ rm -f "${pidf}" "${cshpidf}" "${cmdpidf}" "$lockf" 2> /dev/null
#`whoami` (rather than the $LOGNAME var) gives us the euid rather than the
uid (what we want)
if [ -z "$quietopt" ]
then
echo $E " ${GREEN}*${OFF} All ssh-agent(s) started by" `whoami` "are now
stopped."
echo
fi
exit 0
fi
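Review bot: The rm -f list in the --stop path has to be extended by hand for the new file, and the same list appears again in each failure handler later in the patch, so every added output file means editing all of them. Put the list in one variable or a small cleanup function and call it here, so a future file cannot be missed in one of the copies.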
@@ -340,25 +341,29 @@
fi
if [ -z "$quietopt" ]
then
echo $E " ${GREEN}*${OFF} All previously running ssh-agent(s) have been
stopped."
echo $E " ${GREEN}*${OFF} Initializing ${pidf} file..."
fi
# "> pidf" doesn't work ash. But it should work with any sh-compatible
shell
- > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f
"$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
+ > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f
"$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; }
[ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Initializing ${cshpidf}
file..."
- > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm
-f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
- chmod 0600 "$pidf" "$cshpidf"
+ > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm
-f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; }
+ [ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Initializing ${cmdpidf}
file..."
+ > "$cmdpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm
-f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; }
+ chmod 0600 "$pidf" "$cshpidf" "$cmdpidf"
[ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Starting new ssh-agent"
nohup ssh-agent -s | grep -v 'Agent pid' > "$pidf"
. "$pidf"
echo "setenv $SSH_AUTH_SOCK_NAME $SSH_AUTH_SOCK;" > "$cshpidf"
echo "setenv $SSH_AGENT_PID_NAME $SSH_AGENT_PID;" >> "$cshpidf"
+ echo "@set $SSH_AUTH_SOCK_NAME=$SSH_AUTH_SOCK" > "$cmdpidf"
+ echo "@set $SSH_AGENT_PID_NAME=$SSH_AGENT_PID" >> "$cmdpidf"
fi
if [ -n "$clearopt" ]
then
echo $E " ${GREEN}*${OFF} \c"
ssh-add -D
fi
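Review bot: The failure handler on the added line that creates "$cmdpidf" still prints "Cannot create ${cshpidf}", copied from the line above; it should name ${cmdpidf} so the user is told which file could not be written. Separately, all three files are created by redirection first and restricted with chmod 0600 afterwards, so for a moment they exist with whatever the umask allows, and a process that opens one in that window keeps its descriptor after the chmod. Setting umask 077 before the first redirection would cover the new .cmd file along with the existing two.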
------=_NextPart_000_549f_31f0_2407
Content-Type: text/plain; name="keychain-service-install"; format=flowed
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="keychain-service-install"
#!/bin/bash
# keychain-service-install service-name user-name
# Installs a Windows service (via cygrunsrv) that runs keychain, and with it
# ssh-agent, as the given user so the agent survives logon/logoff.
if [ -z "$1" ]; then
    echo "No service name"
    exit 1
fi
if [ -z "$2" ]; then
    echo "No user name"
    exit 1
fi
echo "Stopping and removing old keychain service"
# These report an error if the service does not exist yet; the script goes on.
cygrunsrv --stop "$1"
cygrunsrv --remove "$1"
echo "Installing new keychain service"
cygrunsrv --install "$1" \
    --args '/bin/keychain --noask --quiet' \
    --dep 'OpenSSH' \
    --disp "KeyChain $2" \
    --desc "Creates a keychain (ssh-agent) process for $2." \
    --path '/bin/bash' \
    --user "$2"
echo "User $2 requires the Log on as a Service right"
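
The problem reported in the message, an agent owned by another user being matched when the process listing covers all users, can be guarded against by checking the owner column as well as the command name. The following is an added example, not part of the original post or of keychain; the process listing, the pid file contents and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data is constructed, helper names are hypothetical.

# Constructed "ps -e -f"-style listing: agents for two users are visible.
sample_ps_all() {
cat <<'EOF'
     UID     PID    PPID TTY     STIME COMMAND
   alice    1204       1   ?  10:02:11 /usr/bin/ssh-agent
     bob    2310       1   ?  10:05:40 /usr/bin/ssh-agent
     bob    2388    2300   0  10:06:02 /usr/bin/bash
EOF
}

# Constructed pid file in the format "ssh-agent -s" emits (here: alice's agent).
sample_pidf() {
cat <<'EOF'
SSH_AUTH_SOCK=/tmp/ssh-XXXXabcd/agent.1203; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1204; export SSH_AGENT_PID;
EOF
}

# Match on the command name only: returns every user's agent.
naive_agent_pids() {
    awk 'NR > 1 && $NF ~ /ssh-agent$/ { o = (o == "" ? "" : o " ") $2 }
         END { print o }'
}

# Also require the UID column to equal USER ($1).
own_agent_pids() {
    awk -v user="$1" 'NR > 1 && $1 == user && $NF ~ /ssh-agent$/ {
             o = (o == "" ? "" : o " ") $2 }
         END { print o }'
}

# Extract the pid recorded in pid-file text on stdin.
recorded_pid() {
    sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p'
}

# agent_is_own USER PID: succeed only if PID is an ssh-agent owned by USER.
agent_is_own() {
    for p in $(sample_ps_all | own_agent_pids "$1"); do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

echo "name-only match: $(sample_ps_all | naive_agent_pids)"
echo "bob's agents:    $(sample_ps_all | own_agent_pids bob)"
```

With the owner check in place, a pid file that records another user's agent is rejected rather than reused, whichever ps flags produced the listing.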