Message-ID: <421D0C0E.1030002@kleckner.net>
Date: Wed, 23 Feb 2005 15:04:46 -0800
From: Jim Kleckner
To: cygwin AT cygwin DOT com
Subject: Re: ssh-agent and /tmp/ssh-* removal at logout

Karl M wrote:

>> From: Jim Kleckner
>> Subject: ssh-agent and /tmp/ssh-* removal at logout
>> Date: Wed, 23 Feb 2005 06:18:50 -0800
>>
>> ssh-agent leaves stale directories named /tmp/ssh-xxxx
>> that contain the named pipe for authentication.
>> These left over directories come about when you log out
>> or shut down the computer without stopping ssh-agent
>> either by running keychain to shut it down or sending it
>> a SIGHUP to exit and clean up.
>>
>> Could ssh-agent catch the shutdown message and thus
>> do the proper cleanup? What would that entail?
>>
>> Jim
>>
>> I noticed that in Karl's script to start keychain:
>> http://sourceware.org/ml/cygwin/2004-03/msg00167.html
>> that he removes any /tmp/ssh-* pre-existing and presumed
>> stale directories left over by dead ssh-agent processes
>> and this assumes that there is only one ssh-agent per machine.
>> Not as good as actually getting rid of the source of the
>> zombie directories.
>>
> Actually, it does not assume that there is only one ssh-agent process
> per machine. I routinely use it with ssh-agent processes for multiple
> users. The files for other users are protected so that they can not be
> deleted. Thus, only the current user's tmp files are deleted.
>
> I'm in the process of doing some clean-up work and trying out keychain
> 2.5.1. I am also adding ${HOSTNAME}.cmd file creation for use with
> Windows shell scripts. If there is interest, perhaps I should offer to
> maintain keychain, with additional support for launching it from a
> service. Launching keychain from a service allows the ssh-agent process
> to survive logout, so you only type a passphrase once per reboot instead
> of once per login.
>
> Thanks,
>
> ...Karl

Ah, I see. I had assumed that persons logged in with
Administrator privileges would blow them all away.

Having the service seems like a nice arrow in the quiver.

I don't think I would want my personal keyring to persist
across my sessions, though. Kind of like leaving the
key in the car ignition while parked. I can see that
it could be useful for daemon processes though.

Jim

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
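The cleanup discussed in this thread, as an added example that is not part of either message and is not Karl's keychain script: it removes a /tmp/ssh-* directory only when the current user owns it and no agent answers on its socket, so it does not depend on file permissions alone when run from an Administrator account. The function names, the `agent.*` socket naming and the optional probe argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: remove stale ssh-agent socket directories left in /tmp.
# agent_alive and clean_stale_agent_dirs are hypothetical names.

# Succeeds unless ssh-add reports that it cannot contact an agent on the socket.
# ssh-add exits 0 or 1 when an agent answers and 2 when none can be reached.
# If ssh-add is not installed (status 127) the socket is treated as live,
# so nothing is deleted on a machine where liveness cannot be checked.
agent_alive() {
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# clean_stale_agent_dirs [base_dir] [probe]
# Prints the number of directories removed.
clean_stale_agent_dirs() {
    base="${1:-/tmp}"
    probe="${2:-agent_alive}"
    removed=0
    for dir in "$base"/ssh-*; do
        # Real directories only: never follow a symlink planted in /tmp.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        # Only directories owned by the current user, even when the caller
        # has rights to delete everyone's files.
        [ -O "$dir" ] || continue
        live=0
        for sock in "$dir"/agent.*; do
            [ -e "$sock" ] || continue
            if "$probe" "$sock"; then
                live=1
                break
            fi
        done
        # A directory with no socket, or only dead sockets, is stale.
        if [ "$live" -eq 0 ]; then
            rm -rf -- "$dir" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Typical use from a login script, before starting keychain or ssh-agent:
#   clean_stale_agent_dirs /tmp
```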