Re: Unwanted autostarted ssh-agent - 5.3p1 behavior change from 5.2p1?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Dec 13, 2009 at 10:13:54PM -0500, Brother Railgun of Reason wrote:
> I'm trying to isolate a behavioral change in OpenSSH.  This change is 
> present on only one of my machines so far.  It is the only Gentoo 
> install I have up, running and complete at this time; it is ALSO the 
> only machine I have - yet - which is running OpenSSH 5.3p1.  All the 
> rest are running 5.2p1.

It very likely has nothing to do with OpenSSH per se, though I'm not
an authority on what recent releases of SSH code are doing.  However,
some distros and/or desktop environments are now doing this for you by
default.  The idea here is that the only sensible way to start an
ssh-agent is in the parent process of your X session (which is mostly
true, though if you're a power user, you may want something else).  In
so doing, you make the agent available to all shell sessions started
by your X session.  In general, this is a Good Thing.

The standard way for users to do this themselves is to create (or edit)
~/.xsession, make it an executable shell script, and do something like
this in it:

  ssh-agent gnome-session

Of course, Unix/Linux/etc. being what it is, there are a hundred
variations on this theme, including yours.  The desire to do this is
so common nowadays that a lot of desktop environment types think they
should just do it for you automatically, or at least present the
option.  The trouble is that the control of the starting up of an X
session is a bit esoteric, and lots of people who use it (including
some distro and desktop environment makers) don't seem to understand
all the details (unsurprisingly; as I said, it's esoteric), and you
end up with a lot of different brain-damaged customizations to the
standard X startup scripts, some of which cause the above method to
not work.  For example, the GNOME and/or Ubuntu folks screwed this up
pretty nicely here:

  https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/398300

But I'm off on tangent, sorry. KDE has also done their own thing,
where if you have the right magic in a config file, it will set up
ssh-agent for you.  And, at least on Ubuntu, there's a bit of shell
code in /etc/X11/Xsession.d/90x11-common_ssh-agent that decides
whether or not to automatically start an ssh-agent for you, again
based on some esoteric config file.

A quick search turns up this:

  http://www.gentoo.org/doc/en/keychain-guide.xml?style=printable

It may contain the info you need, especially in the section "Using
keychain with KDE" if you're a KDE user.  Otherwise, you will probably
have to fish around in /etc/X11 for something that starts ssh-agent.
If you're in that boat, I'd try something like this:

  # cd /etc/X11; grep -r -i 'ssh-agent' *

Happy hunting!

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

Attachment: pgpjZvcBlgD9W.pgp
Description: PGP signature


[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux