From: "Karl M"
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] Updated: keychain-2.0.3-1
Date: Thu, 27 Nov 2003 18:50:59 -0800

Hi All...

I believe I found a small bug in the latest keychain. For Cygwin, keychain now does a "ps -e -u -f" to look for ssh-agent processes...I believe it should be a "ps -u -f" instead.

The reason is as follows...the -e shows processes for all users. If multiple users have ssh-agent processes hanging around, keychain can find the wrong one and this produces some strange results.

I may be the only one to see this because ssh-agent processes don't usually survive a logoff. I launch keychain from a service for each user (that wants the feature) so that the agent stays around for multiple logon/off sessions...that way, they live until the next reboot.

The attached patch file removes the -e option and also creates a third output file in the .keychain directory. The new file is ~/.keychain/${HOSTNAME}.cmd so that programs launched from a Windows command shell can also use keychain.

The second attachment is a script to launch keychain as a service for those interested in surviving multiple logon/off sessions. Just use it to create a service for each user that wants the feature. The service only sets up the ssh-agent. The keys are loaded from the .profile and the passphrase(s) are entered then.

Thanks,

...Karl

>From: Hack Kampbjorn
>Reply-To: cygwin AT cygwin DOT com
>To: cygwin AT cygwin DOT com
>Subject: Re: [ANNOUNCEMENT] Updated: keychain-2.0.3-1
>Date: Tue, 25 Nov 2003 01:18:45 +0100
>
>Steven Woody wrote:
>>already have ssh-agent + ssh-add, why people need keychain?
>
>keychain is just a script around ssh-agent and ssh-add, you don't get any functionality you can achieve with some little scripting using ssh-agent and ssh-add directly.
>
>If all you ever do with ssh-agent is `eval $(ssh-agent)` and you don't get orphan agent in ps. Try `ps -e -u $(whoami) -f` do you have more than one ssh-agent? If so take a look at keychain it will help you to kill all orphan agent and only start one no matter how many times you log in.
>
>I'm continually opening rxvt windows and closing them, before I used keychain I easily ended up with 10 agents or more (even if I stopped the agent in the logout script). I was about to add some ssh-agent logic to my profile but it was easier (and faster) to make a cygwin package for keychain and change two lines in my .bash_profile (which I use on cygwin, linux, and *BSD, it should also work on AIX, SunOS, Solaris, HP/UX ...).
>
>http://www.gentoo.org/proj/en/keychain.xml
>
>--
>Med venlig hilsen / Kind regards
>
>Hack Kampbjørn
>
>--
>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>Problem reports: http://cygwin.com/problems.html
>Documentation: http://cygwin.com/docs.html
>FAQ: http://cygwin.com/faq/

Content-Disposition: attachment; filename="keychain-patch"

--- /bin/keychain 2003-11-22 10:40:13.001000000 -0800 +++ ./keychain 2003-11-27 18:12:07.043715000 -0800 @@ -212,16 +212,17 @@ # .ssh-agent file with csh-compatible syntax. lockf is the lockfile, used # to serialize the execution of multiple ssh-agent processes started # simultaneously (only works if lockfile from the procmail package is # available. hostname=`uname -n` pidf="${keydir}/${hostname}-sh" cshpidf="${keydir}/${hostname}-csh" +cmdpidf="${keydir}/${hostname}.cmd" lockf="${keydir}/${hostname}-lock" if [ -f ${keydir} ] then echo "$0: ${keydir} is a file (it should be a directory;) please fix." exit 1 #Solaris 9 doesn't have -e; using -d.... elif [ ! -d ${keydir} ] @@ -245,17 +246,17 @@ echo $E "${GREEN}KeyChain ${version}; ${BLUE}http://www.gentoo.org/projects/keychain${OFF}" echo $E " Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL" fi me=`whoami` if [ "$cygwin" = "yes" ] then #for cygwin - psopts="-e -u $me -f" + psopts="-u $me -f" grepopts="-i" elif [ "$hpux" = "yes" ] then #for hp-ux psopts="-u $me -f" else psopts="FAIL" #-x option needed on MacOS X, but just in case it doesn't work on other arches we have a "-u $me -f" @@ -285,17 +286,17 @@ set $mypids mypids=$2 fi if [ "$myaction" = "stop" ] then # --stop tells keychain to kill the existing ssh-agent(s), then exit kill $mypids > /dev/null 2>&1 - rm -f "${pidf}" "${cshpidf}" "$lockf" 2> /dev/null + rm -f "${pidf}" "${cshpidf}" "${cmdpidf}" "$lockf" 2> /dev/null #`whoami` (rather than the $LOGNAME var) gives us the euid rather than the uid (what we want) if [ -z "$quietopt" ] then echo $E " ${GREEN}*${OFF} All ssh-agent(s) started by" `whoami` "are now stopped." echo fi exit 0 fi 
@@ -340,25 +341,29 @@ fi if [ -z "$quietopt" ] then echo $E " ${GREEN}*${OFF} All previously running ssh-agent(s) have been stopped." echo $E " ${GREEN}*${OFF} Initializing ${pidf} file..." fi # "> pidf" doesn't work ash. But it should work with any sh-compatible shell - > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; } + > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; } [ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Initializing ${cshpidf} file..." - > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; } - chmod 0600 "$pidf" "$cshpidf" + > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; } + [ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Initializing ${cmdpidf} file..." + > "$cmdpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$cmdpidf" "$lockf" 2> /dev/null; exit 1; } + chmod 0600 "$pidf" "$cshpidf" "$cmdpidf" [ -z "$quietopt" ] && echo $E " ${GREEN}*${OFF} Starting new ssh-agent" nohup ssh-agent -s | grep -v 'Agent pid' > "$pidf" . 
"$pidf" echo "setenv $SSH_AUTH_SOCK_NAME $SSH_AUTH_SOCK;" > "$cshpidf" echo "setenv $SSH_AGENT_PID_NAME $SSH_AGENT_PID;" >> "$cshpidf" + echo "@set $SSH_AUTH_SOCK_NAME=$SSH_AUTH_SOCK" > "$cmdpidf" + echo "@set $SSH_AGENT_PID_NAME=$SSH_AGENT_PID" >> "$cmdpidf" fi if [ -n "$clearopt" ] then echo $E " ${GREEN}*${OFF} \c" ssh-add -D fi ------=_NextPart_000_549f_31f0_2407 Content-Type: text/plain; name="keychain-service-install"; format=flowed Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="keychain-service-install" #!/bin/bash # keychain-service-install service-name user-name if [ "$1" = "" ]; then echo No service name exit 1 fi if [ "$2" = "" ]; then echo No user name exit 1 fi echo Stoping and removing old keychain service cygrunsrv --stop $1 cygrunsrv --remove $1 echo Installing new keychain service cygrunsrv --install $1 \ --args '/bin/keychain --noask --quiet' \ --dep 'OpenSSH' \ --disp "KeyChain $2" \ --desc "Creates a keychain (ssh-agent) process for $2." \ --path '/bin/bash' \ --user "$2" echo User $2 requires the Log on as a Service right ------=_NextPart_000_549f_31f0_2407 Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ------=_NextPart_000_549f_31f0_2407--