I'm trying to isolate a behavioral change in OpenSSH. This change is
present on only one of my machines so far. It is the only Gentoo
install I have up, running and complete at this time; it is ALSO the
only machine I have - yet - which is running OpenSSH 5.3p1. All the
rest are running 5.2p1.
I have a persistent-auth scheme that I have been using for over ten
years. It involves .bash_profile starting a persistent ssh-agent when I
log into a machine on my network remotely via ssh for the first time,
and saving the agent's environment variables in .ssh/agent.$HOSTNAME so
that it can be sourced by subsequent logins by the same user, allowing
the user to share the same ssh-agent across multiple successive or
concurrent logins as long as it remains present.
On the one machine that has been updated to 5.3p1, however, and ONLY
on that machine, an extra ssh-agent is being started "for me", NOT by
me, which is screwing up my scripting. It writes its variables into
the subtly different .ssh/agent-$HOSTNAME, or if that already exists,
.ssh/agent-$HOSTNAME-ssh. I can't use this ssh-agent in the persistent
manner described above because it self-terminates as soon as the login
that it was started for exits. This makes it about as much use to me as
a bicycle to a fish.
Is this a behavioral change in OpenSSH? If so, is there a way to
disable it? It's not useful to me, and in fact caused me quite a few
headaches until I figured out what was going on. For now, I'm resorting
to killing the unwanted ssh-agent before starting my own, but this is a
bit of a brute-force approach and not really ideal. (But then, starting
an ssh-agent by default for every remote login without even trying to
find out whether the user or the system administrator wants one started
or not doesn't seem to me like a very good idea in the first place.)
If it's NOT OpenSSH's doing, then I need to dig further into the Gentoo
login auth system and try to find whether they're doing it.
--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric@xxxxxxxxxxxxxx alaric@xxxxxxxxxxxxx phil@xxxxxxxxxxxxxxx
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.
