Mail Archives: cygwin/2005/11/30/23:02:06

From: "Karl M" <karlm30 AT hotmail DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: how to make ssh-agent automatically
Date: Wed, 30 Nov 2005 19:59:16 -0800

Hi H.S....

Using keychain is only one way; it is not the only way. I no longer use 
keychain.

I launch ssh-agent from a bash script that is run as a service from 
cygrunsrv; it is run as the user, not as SYSTEM. This makes the ssh-agent 
process survive Windows logout; I only have to enter a passphrase after 
reboot. The bash script edits the user registry to define the environment 
variable for the ssh-agent socket. It sends a message that the environment 
has been updated and then waits on a sleeping child to keep the service 
control manager happy.

The script looks like

$ cat /bin/secret-agent-service
#!/bin/bash
# Launch the ssh-agent from a service so it survives logoff.

# When the service stops, kill the ssh-agent.
trap "ssh-agent -k; exit 0" TERM

# Clean up old files that may be left behind after a crash.
#   The file permissions make this safe to do in a multi-user
#   environment, but "/tmp" must be local to this host.
rm -rf /tmp/ssh-*

# Launch the ssh-agent.
eval "$(ssh-agent)"

# Provide the ssh-agent socket ID via the registry and broadcast
#   the change in case the user is logged in before we finish.
#   Do not provide the ssh-agent PID to minimize the risk of
#   killing the ssh-agent.
regtool -s set /HKEY_CURRENT_USER/Environment/SSH_AUTH_SOCK "$SSH_AUTH_SOCK"
sendchenv

# Wait quietly until the service is stopped.
while true; do
  sleep 24h &
  wait
done

In my .bash_profile I have

ssh-add -l >/dev/null 2>&1
if [ $? -eq 1 ]; then
  ssh-add
fi

which checks if the agent is there and needs a passphrase, and if so, 
invokes ssh-add and I enter my passphrase.

I will look at the new cygrunsrv changes and see if I can simplify things 
and then propose a package.

This saves almost one second of CPU time when I start a bash window, 
compared to using keychain (also launched as a service).

HTH,

...Karl

>From: "H.S."
>Subject: Re: how to make ssh-agent automatically
>Date: Wed, 30 Nov 2005 21:24:20 -0500
>
>Hi Karl,
>
>Karl M wrote:
> > Hi HS...
> >
> > You can use keychain (a package available from setup.exe).
> >
> > I do something like
> >
> > ssh-add -l >/dev/null 2>&1
> > if [ $? -eq 1 ]; then
> >  ssh-add
> > fi
> >
> > in my .bash_profile, because keychain is slow when I launch several
> > windows.
>
>Okay, I will try that. BTW, just out of curiosity, is using keychain only
>one of the methods to achieve this or is it the only method? I mean, is
>it possible to do this without keychain or any other packages and just
>with ssh and rsync and login/logout files and environment variables?
>
>
> >
> > Why do you kill the agent when you log out? (Windows will kill it when
> > you log off from windows.)
>
>Currently I was starting ssh-agent in cygwin command prompt window. And
>if I did not kill ssh-agent the window would not close upon exit. By
>killing it from .bash_logout solved that problem.
>
>thanks,
>->HS
>
> > If you want to keep the agent around from one login to the next, you can
> > launch the agent as a service. I used to do that with keychain, but for
> > performance reasons, I use ssh-agent and ssh-add directly. I plan on
> > proposing a package for doing this.
> >
> > HTH,
> >
> > ...Karl
> >
> >
>
>
>--
>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>Problem reports:       http://cygwin.com/problems.html
>Documentation:         http://cygwin.com/docs.html
>FAQ:                   http://cygwin.com/faq/
>
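
An added example, not part of Karl's post or of any Cygwin package: a stricter form of the .bash_profile check that confirms the SSH_AUTH_SOCK value inherited from the registry is a socket owned by the current user before ssh-add prompts for a passphrase, and that separates ssh-add -l exit status 1 (agent reachable, no identities) from 2 (agent unreachable, for example a stale path after a crash). The function names and the SSH_ADD override variable are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original post). Function names and the
# SSH_ADD override are hypothetical; ssh-add exit codes are those
# documented in ssh-add(1): 0 ok, 1 command failed, 2 agent unreachable.

# Succeed only if $1 is a Unix socket owned by the current user.
auth_sock_ok() {
  [ -n "$1" ] && [ -S "$1" ] && [ -O "$1" ]
}

# Map the exit status of "ssh-add -l" to a state name.
status_to_state() {
  case "$1" in
    0) echo loaded ;;        # agent holds at least one identity
    1) echo empty ;;         # agent reachable, no identities yet
    *) echo unreachable ;;   # 2: socket exists but nothing answers
  esac
}

# Print loaded, empty, unreachable or bad-socket for the current environment.
agent_state() {
  if ! auth_sock_ok "${SSH_AUTH_SOCK:-}"; then
    echo bad-socket
    return 0
  fi
  status=0
  "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || status=$?
  status_to_state "$status"
}

# Ask for a passphrase only when a trustworthy agent is waiting for keys.
ensure_identity() {
  state=$(agent_state)
  case "$state" in
    loaded) return 0 ;;
    empty)  "${SSH_ADD:-ssh-add}" ;;
    *)      echo "ssh-agent not usable ($state); not prompting" >&2
            return 1 ;;
  esac
}
```

In .bash_profile, source this file and call ensure_identity in place of the bare ssh-add -l test.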



