From: "Karl M"
To: cygwin AT cygwin DOT com
Subject: Re: how to make ssh-agent automatically
Date: Wed, 30 Nov 2005 19:59:16 -0800

Hi H.S....

Using keychain is only one way, it is not the only way.

I no longer use keychain. I launch ssh-agent from a bash script that is run as a service from cygrunsrv; it is run as the user, not as SYSTEM. This makes the ssh-agent process survive Windows logout; I only have to enter a passphrase after reboot. The bash script edits the user registry to define the environment variable for the ssh-agent socket. It sends a message that the environment has been updated and then waits on a sleeping child to keep the service control manager happy.

The script looks like

$ cat /bin/secret-agent-service
#!/bin/bash

# Launch the ssh-agent from a service so it survives logoff.

# When the service stops, kill the ssh-agent.
trap "ssh-agent -k; exit 0" TERM

# Clean up old files that may be left behind after a crash.
# The file permissions make this safe to do in a multi-user
# environment, but "/tmp" must be local to this host.
rm -rf /tmp/ssh-*

# Launch the ssh-agent.
eval "$(ssh-agent)"

# Provide the ssh-agent socket ID via the registry and broadcast
# the change in case the user is logged in before we finish.
# Do not provide the ssh-agent PID to minimize the risk of
# killing the ssh-agent.
regtool -s set /HKEY_CURRENT_USER/Environment/SSH_AUTH_SOCK "$SSH_AUTH_SOCK"
sendchenv

# Wait quietly until the service is stopped.
while true; do
    sleep 24h &
    wait
done

In my .bash_profile I have

ssh-add -l >/dev/null 2>&1
if [ $? -eq 1 ]; then
    ssh-add
fi

which checks if the agent is there and needs a passphrase, and if so, invokes ssh-add and I enter my passphrase.

I will look at the new cygrunsrv changes and see if I can simplify things and then propose a package.

This saves almost one second of CPU time when I start a bash window, compared to using keychain (also launched as a service).

HTH,

...Karl

>From: "H.S."
>Subject: Re: how to make ssh-agent automatically
>Date: Wed, 30 Nov 2005 21:24:20 -0500
>
>Hi Karl,
>
>Karl M wrote:
> > Hi HS...
> >
> > You can use keychain (a package available from setup.exe).
> >
> > I do something like
> >
> > ssh-add -l >/dev/null 2>&1
> > if [ $? -eq 1 ]; then
> >     ssh-add
> > fi
> >
> > in my .bash_profile, because keychain is slow when I launch several
> > windows.
>
>Okay, I will try that. BTW, just out of curiosity, is using keychain only
>one of the methods to achieve this or is it the only method? I mean, is
>it possible to do this without keychain or any other packages and just
>with ssh and rsync and login/logout files and environment variables?
>
> >
> > Why do you kill the agent when you log out? (Windows will kill it when
> > you log off from windows.)
>
>Currently I was starting ssh-agent in cygwin command prompt window. And
>if I did not kill ssh-agent the window would not close upon exit. By
>killing it from .bash_logout solved that problem.
>
>thanks,
>->HS
>
> > If you want to keep the agent around from one login to the next, you can
> > launch the agent as a service. I used to do that with keychain, but for
> > performance reasons, I use ssh-agent and ssh-add directly. I plan on
> > proposing a package for doing this.
> >
> > HTH,
> >
> > ...Karl
> >
> >
>
>--
>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>Problem reports: http://cygwin.com/problems.html
>Documentation: http://cygwin.com/docs.html
>FAQ: http://cygwin.com/faq/
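
The .bash_profile check in the message above relies on the exit status of "ssh-add -l" (0 = identities loaded, 1 = agent reachable but empty, 2 = agent cannot be contacted), and the socket path it uses comes from a registry value that can outlive the agent. The following is an added example, not part of the original message or of any Cygwin package, that validates the socket before trusting it and then branches on all three statuses. SSH_ADD and AGENT_CHECK_RUN are hypothetical names introduced here, and it assumes the usual test operators -S and -O behave on the host as they do on other POSIX systems.

```bash
#!/bin/bash
# Added example: validate the agent socket a login shell inherited, then act
# on the exit status of "ssh-add -l".
# SSH_ADD is a hypothetical override so the logic can be exercised with a stub.
SSH_ADD=${SSH_ADD:-ssh-add}

# sock_ok PATH: succeed only if PATH is a socket owned by the current user.
# A value left in the registry after a crash may point at nothing, or at a
# path in /tmp that another account re-created.
sock_ok() {
    [ -n "$1" ] && [ -S "$1" ] && [ -O "$1" ]
}

# classify_status RC: name the three documented "ssh-add -l" outcomes.
classify_status() {
    case "$1" in
        0) echo loaded ;;        # agent reachable, at least one identity
        1) echo empty ;;         # agent reachable, no identities yet
        2) echo unreachable ;;   # ssh-add could not contact the agent
        *) echo unknown ;;
    esac
}

# agent_state: print bad-socket, or one of the classify_status names.
agent_state() {
    if ! sock_ok "${SSH_AUTH_SOCK:-}"; then
        echo bad-socket
        return 0
    fi
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# Profile usage: ask for the passphrase only when the agent is up but empty.
# Guarded by a hypothetical variable so sourcing this file never prompts.
if [ "${AGENT_CHECK_RUN:-0}" = 1 ]; then
    case "$(agent_state)" in
        empty)       "$SSH_ADD" ;;
        bad-socket)  echo "SSH_AUTH_SOCK is missing or not a socket you own" >&2 ;;
        unreachable) echo "no agent is listening on $SSH_AUTH_SOCK" >&2 ;;
    esac
fi
```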