Unwanted autostarted ssh-agent - 5.3p1 behavior change from 5.2p1?

I'm trying to isolate a behavioral change in OpenSSH.  This change is 
present on only one of my machines so far.  It is the only Gentoo 
install I have up, running and complete at this time; it is ALSO the 
only machine I have - yet - which is running OpenSSH 5.3p1.  All the 
rest are running 5.2p1.

I have a persistent-auth scheme that I have been using for over ten 
years.  It involves .bash_profile starting a persistent ssh-agent when I 
log into a machine on my network remotely via ssh for the first time, 
and saving the agent's environment variables in .ssh/agent.$HOSTNAME so 
that it can be sourced by subsequent logins by the same user, allowing 
the user to share the same ssh-agent across multiple successive or 
concurrent logins as long as it remains present.

On the one machine that has been updated to 5.3p1, however, and ONLY 
on that machine, an extra ssh-agent is being started "for me", NOT by 
me, which is screwing up my scripting.  It writes its variables into 
the subtly different .ssh/agent-$HOSTNAME, or if that already exists, 
.ssh/agent-$HOSTNAME-ssh.  I can't use this ssh-agent in the persistent 
manner described above because it self-terminates as soon as the login 
that it was started for exits.  This makes it about as much use to me as 
a bicycle to a fish.

Is this a behavioral change in OpenSSH?  If so, is there a way to 
disable it?  It's not useful to me, and in fact caused me quite a few 
headaches until I figured out what was going on.  For now, I'm resorting 
to killing the unwanted ssh-agent before starting my own, but this is a 
bit of a brute-force approach and not really ideal.  (But then, starting 
an ssh-agent by default for every remote login without even trying to 
find out whether the user or the system administrator wants one started 
or not doesn't seem to me like a very good idea in the first place.)


If it's NOT OpenSSH's doing, then I need to dig further into the Gentoo 
login auth system and try to find whether they're doing it.



-- 
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric@xxxxxxxxxxxxxx   alaric@xxxxxxxxxxxxx   phil@xxxxxxxxxxxxxxx
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
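
The persistent-agent scheme described in the message above, sketched as an added example (not the poster's script and not OpenSSH code). The function names are hypothetical; the `.ssh/agent.$HOSTNAME` file name comes from the post. It also checks that the recorded agent still answers before reusing it:

```shell
# Added example. agent_file, agent_alive and attach_agent are hypothetical names.

agent_file() {
    printf '%s/.ssh/agent.%s\n' "$HOME" "${HOSTNAME:-$(uname -n)}"
}

# ssh-add -l exits 0 (keys listed) or 1 (no keys loaded) when an agent answers,
# and 2 when no agent can be contacted on $SSH_AUTH_SOCK.
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    _rc=0
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -ne 2 ]
}

attach_agent() {
    _af=$(agent_file)
    # Sourcing executes the file as shell code: accept only a regular file we own.
    if [ -f "$_af" ] && [ -O "$_af" ]; then
        . "$_af" >/dev/null
        if agent_alive; then return 0; fi
    fi
    # Missing or stale record: start a fresh agent, keep its variables private.
    [ -d "$HOME/.ssh" ] || mkdir -m 700 "$HOME/.ssh" || return 1
    ( umask 077; ssh-agent -s >"$_af.tmp" ) || return 1
    mv -f "$_af.tmp" "$_af" || return 1
    . "$_af" >/dev/null
    agent_alive
}

# sshd sets SSH_CONNECTION, so this only runs for remote logins.
if [ -n "${SSH_CONNECTION:-}" ]; then
    attach_agent || echo "attach_agent: no usable ssh-agent" >&2
fi
```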
