zsh-users
 help / color / mirror / code / Atom feed
From: Vincent Lefevre <vincent@vinc17.org>
To: zsh-users@sunsite.dk
Subject: Re: Is zsh buggy in connection with screen?
Date: Tue, 22 Nov 2005 10:47:00 +0100	[thread overview]
Message-ID: <20051122094700.GP24980@ay.vinc17.org> (raw)
In-Reply-To: <b6c719b90511081409w67ff0910o941c21d63f8d2126@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 705 bytes --]

On 2005-11-08 17:09:42 -0500, Ian Langworth wrote:
> I have a similar problem with ssh-agent. New screen windows
> automatically get the updated environment when I've shelled freshly
> into the machine, but existing shells in windows need to run
> "latestssh."
[...]

I have my own solution for ssh, which is not related to screen,
since I sometimes have several shells on a machine, but without
necessarily using screen. This solution also supports connection
sharing. See the attached message.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / SPACES project at LORIA

[-- Attachment #2: Type: message/rfc822, Size: 7098 bytes --]

[-- Attachment #2.1.1: Type: text/plain, Size: 3002 bytes --]

This isn't a command, but a set of zsh scripts I've written.
I've attached them. If you want to use them, you basically
need to put these files somewhere in your $fpath, autoload
the corresponding functions with

  autoload -U _call_sshagent _call_sshadd kill_sshmasters

call _call_sshagent from your .zlogin and add the following
to your .zlogout:

# Unregister from ssh-agent and kill it if need be.
if [[ -n $SSH_AUTH_SOCK ]] then
  if [[ `whence -w _call_sshagent` == '_call_sshagent: function' ]] then
    _call_sshagent -r
  elif [[ -n $SSH_AGENT_PID ]] then
    eval `ssh-agent -k`
  fi
fi

and use the following wrappers:

ssh()
{
  _call_sshadd "$@"
  command ssh "$@"
}

slogin()
{
  _call_sshadd "$@"
  command slogin "$@"
}

scp()
{
  _call_sshadd "$@"
  command scp "$@"
}

sftp()
{
  _call_sshadd "$@"
  command sftp "$@"
}

Note: here, these wrappers are defined in .zalias (so is the autoload
line I've mentioned above), sourced by my .zshrc file. Also, I've set
SVN_SSH to $HOME/scripts/ssh; this script contains:

source ~/.zshenv
source ~/.zalias
unset DISPLAY
ssh -C "$@"

Note that $HOME/scripts must not be in $path to avoid an infinite
recursion. In fact, it would be more robust to dynamically remove
$HOME/scripts from $path before calling ssh, after resolving hard
and symbolic links. But there should be no problem if you do not
have '.' in your $path or if you have it at the end (having '.'
earlier in $path is a security problem anyway).

This way, one no longer needs to call ssh-agent and/or ssh-add
manually. The passphrase is automatically asked at the first
connection attempt and remembered until the last login shell
exits. However, one still needs to execute

  ssh -fMN <host>

manually for ssh connection caching. You can add lines to some ssh
wrapper to do that automatically, but you need to check for the
corresponding ControlSocket file first, otherwise there will be no
benefit; unfortunately this is not easy... About these problems,
you can see my bug report and followup here:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335697

Also, note that lsof is used to find the ssh master connection.
If you do not have lsof, the ssh master connection will not be
killed. The kill_sshmasters script has an echo line to let you
know that this connection is killed. So, you know what happens.

Standard disclaimer: use these scripts at your own risks. I've written
them with security in mind, but they haven't be reviewed by anyone
else. Also, I've written them for my config on various machines, and
I'm not sure they work correctly everywhere. You can still check that
ssh-agent is killed when you completely logout with a

  ssh host ps -aef | grep ssh-agent
              ^^^^
or other options depending on your system, and things like that.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / SPACES project at LORIA

[-- Attachment #2.1.2: _call_sshadd --]
[-- Type: text/plain, Size: 403 bytes --]

#!/usr/bin/env zsh

emulate -LR zsh

ssh-add -l >& /dev/null
local err=$?

if [[ $err -eq 2 ]] then
  _call_sshagent -l
  ssh-add -l >& /dev/null
  err=$?
fi

if [[ $err -eq 1 ]] then
  local file i
  file=()
  for i in id_rsa id_rsa-internal identity
  do
    [[ -f $HOME/.ssh/$i ]] && file=($file $HOME/.ssh/$i)
  done
  ssh-add $file
fi

true

# $Id: _call_sshadd 2770 2004-03-17 22:39:32Z lefevre $

[-- Attachment #2.1.3: _call_sshagent --]
[-- Type: text/plain, Size: 2535 bytes --]

#!/usr/bin/env zsh

# Usage: _call_sshagent [ -l | -r ]
#   -l: try to use an existing ssh-agent and change SSH_AUTH_SOCK
#       accordingly. This is useful for some non-login shells (no
#       possible clean-up by the .zlogout).
#   -r: remove the socket associated with the current process and
#       kill ssh-agent if there are no sockets any longer.

emulate -LR zsh

local link=/tmp/ssh-agent-$USER

local i=0
until (ln -s /dev/null $link.lock 2> /dev/null)
do
  [[ $i -eq 0 ]] && echo "$0: waiting for lock"
  if [[ $((++i)) -eq 4 ]] then
    echo "$0: can't lock $link"
    return
  fi
  sleep 2
done

local dir=`readlink $link`

if [[ $1 == -r ]] then

  if [[ -O $link && -d $dir && -O $dir && $SSH_AUTH_SOCK == $link/* ]] then
    local others
    rm -f $SSH_AUTH_SOCK
    unset SSH_AUTH_SOCK
    others=($dir/agent.*(N=))
    if [[ -z $others ]] then
      local pid=$(<$dir/ssh-agent.pid)
      rm -f $link $dir/ssh-agent.pid
      kill -TERM $pid
      kill_sshmasters
    fi
  else
    # Inconsistent data, try to kill ssh-agent in the standard way
    eval `ssh-agent -k`
  fi

elif [[ $1 == -l ]] then

  if [[ -O $link && -d $dir && -O $dir ]] then
    local old
    old=($link/agent.*(N=[1]))
    if [[ -S $old ]] then
      SSH_AUTH_SOCK=$old ssh-add -l >& /dev/null
      if [[ $? -ne 2 ]] then
        export SSH_AUTH_SOCK=$old
        unset SSH_AGENT_PID
      fi
    else
      echo "$0: $old isn't a socket"
    fi
  fi

else

  if [[ -O $link && -d $dir && -O $dir ]] then
    local old
    old=($link/agent.*(N=[1]))
    if [[ -S $old ]] then
      SSH_AUTH_SOCK=$old ssh-add -l >& /dev/null
      if [[ $? -eq 2 ]] then
        # The agent could not be contacted, assume that it has died
        rm -f $dir/agent.*(N) $dir/ssh-agent.pid && rmdir $dir
        rm -f $link
        rm -f $link.lock
        $0
        return
      fi
      local new=$link/agent.$$
      if [[ $new == $old ]] || ln -f $old $new; then
        export SSH_AUTH_SOCK=$new
        unset SSH_AGENT_PID
      else
        echo "$0: can't link $new -> $old"
      fi
    else
      echo "$0: $old isn't a socket"
    fi
  elif eval `ssh-agent`; then
    if ln -fs $SSH_AUTH_SOCK:h $link; then
      local old=$SSH_AUTH_SOCK
      echo $SSH_AGENT_PID > $link/ssh-agent.pid
      rm -f $link.lock
      $0 && rm -f $old
      return
    else
      echo "$0: can't symlink $dir -> $SSH_AUTH_SOCK:h"
    fi
  else
    echo "$0: can't call ssh-agent"
  fi

fi

rm -f $link.lock

# $Id: _call_sshagent 9482 2005-10-25 15:49:48Z lefevre $

[-- Attachment #2.1.4: kill_sshmasters --]
[-- Type: text/plain, Size: 393 bytes --]

#!/usr/bin/env zsh

# Kill the ssh master connections having no slaves.

emulate -LR zsh
local file pid pids

for file in /tmp/ssh-*(=N)
do
  pids=($(lsof -F f -U -a -c ssh -a "$file" 2>/dev/null))
  if [[ $#pids == 2 ]] then
    pid=${pids[1]#p}
    echo "kill $pid (socket $file)"
    kill -TERM $pid
  fi
done

# Never fail.
true

# $Id: kill_sshmasters 9485 2005-10-25 16:08:12Z lefevre $

      reply	other threads:[~2005-11-22  9:47 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-08 13:02 Sebastian Stein
2005-11-08 14:13 ` Vincent Lefevre
2005-11-08 17:44   ` Wayne Davison
2005-11-08 18:05     ` Wayne Davison
2005-11-08 18:16       ` Sebastian Stein
2005-11-08 18:44         ` Wayne Davison
2005-11-08 20:06         ` Paul Johnson
2005-11-08 22:34       ` Wayne Davison
2005-11-08 18:11     ` Sebastian Stein
2005-11-08 19:34       ` Tobias Gruetzmacher
2005-11-08 22:09     ` Ian Langworth
2005-11-22  9:47       ` Vincent Lefevre [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20051122094700.GP24980@ay.vinc17.org \
    --to=vincent@vinc17.org \
    --cc=zsh-users@sunsite.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).