From: "Karl M"
To: cygwin AT cygwin DOT com
Subject: Re: ssh-agent and /tmp/ssh-* removal at logout
Date: Wed, 23 Feb 2005 16:20:28 -0800
In-Reply-To: <421D0C0E.1030002@kleckner.net>

>From: Jim Kleckner
>Subject: Re: ssh-agent and /tmp/ssh-* removal at logout
>Date: Wed, 23 Feb 2005 15:04:46 -0800
>
>Karl M wrote:
>
>>>From: Jim Kleckner
>>>Subject: ssh-agent and /tmp/ssh-* removal at logout
>>>Date: Wed, 23 Feb 2005 06:18:50 -0800
>>>
>>>ssh-agent leaves stale directories named /tmp/ssh-xxxx
>>>that contain the named pipe for authentication.
>>>These leftover directories come about when you log out
>>>or shut down the computer without stopping ssh-agent
>>>either by running keychain to shut it down or sending it
>>>a SIGHUP to exit and clean up.
>>>
>>>Could ssh-agent catch the shutdown message and thus
>>>do the proper cleanup? What would that entail?
>>>
>>>Jim
>>>
>>>I noticed that in Karl's script to start keychain:
>>> http://sourceware.org/ml/cygwin/2004-03/msg00167.html
>>>that he removes any /tmp/ssh-* pre-existing and presumed
>>>stale directories left over by dead ssh-agent processes
>>>and this assumes that there is only one ssh-agent per machine.
>>>Not as good as actually getting rid of the source of the
>>>zombie directories.
>>>
>>Actually, it does not assume that there is only one ssh-agent process per
>>machine. I routinely use it with ssh-agent processes for multiple users.
>>The files for other users are protected so that they cannot be deleted.
>>Thus, only the current user's tmp files are deleted.
>>
>>I'm in the process of doing some clean-up work and trying out keychain
>>2.5.1. I am also adding ${HOSTNAME}.cmd file creation for use with Windows
>>shell scripts. If there is interest, perhaps I should offer to maintain
>>keychain, with additional support for launching it from a service.
>>Launching keychain from a service allows the ssh-agent process to survive
>>logout, so you only type a passphrase once per reboot instead of once per
>>login.
>>
>>Thanks,
>>
>>...Karl
>
>Ah, I see. I had assumed that persons logged in with Administrator
>privileges would blow them all away.
>
>Having the service seems like a nice arrow in the quiver.
>
>I don't think I would want my personal keyring to persist
>across my sessions, though. Kind of like leaving the key
>in the car ignition while parked. I can see that it could be
>useful for daemon processes though.
>
>Jim
>

I use it that way all the time, but I also have a password on my
screensaver. So I have a good tradeoff between security and convenience.

Thanks,

...Karl
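
The per-user cleanup discussed in this thread, as an added example that is not Karl's script and not part of keychain: it removes a /tmp/ssh-* directory only when the current user owns it and no agent answers on its socket. The function names are hypothetical, and it assumes OpenSSH's `agent.<pid>` socket naming and a `test -S` that recognises the agent socket on the platform.

```shell
#!/bin/sh
# Added example (hypothetical helper names): prune stale ssh-agent socket
# directories that belong to the current user only.

# agent_alive SOCKET: succeed if an agent answers on SOCKET.
agent_alive() {
    [ -S "$1" ] || return 1                          # not a socket: nothing to ask
    command -v ssh-add >/dev/null 2>&1 || return 0   # cannot probe: keep it
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]    # ssh-add exits 2 only when it cannot contact the agent
}

# clean_stale_agent_dirs [DIR]: remove dead agent directories under DIR
# (default /tmp) and print each path removed.
clean_stale_agent_dirs() {
    tmp=${1:-/tmp}
    for dir in "$tmp"/ssh-*; do
        # Real directories only: never follow a symlink planted in a shared /tmp.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        # Explicit ownership check, so the result does not depend on file
        # permissions stopping a privileged account.
        [ -O "$dir" ] || continue
        live=0
        for sock in "$dir"/agent.*; do
            if agent_alive "$sock"; then live=1; break; fi
        done
        [ "$live" -eq 1 ] && continue
        rm -rf -- "$dir" && printf '%s\n' "$dir"
    done
    return 0
}

# Typical call from a login script, before starting keychain:
#   clean_stale_agent_dirs /tmp
```

Directories whose agent still responds are left alone, so a second agent running for the same user is not disturbed.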