A few lines in .zshenv (re ssh-agent) disable scp and rsync?

A few lines in .zshenv (re ssh-agent) disable scp and rsync?

[rj]

[-- Attachment #1: Type: text/plain, Size: 1015 bytes --]



How might I resolve the fact that the presence of these lines at the bottom
of my .zshenv on a (NetBSD) ISP account


#--------------------------------------------------------------------
# Make sure ssh-agent dies on logout:
trap '
  test -n "SSH_AGENT_PID"  && eval `ssh-agent -k`
' 0

# If no agent is running and we have a terminal, run ssh-agent and ssh-add:
if [ "$SSH_AUTH_SOCK" = "" ]
then
  eval `ssh-agent`
  /usr/bin/tty > /dev/null && ssh-add
fi
#------------------------------------------------------------------


are causing me to be unable to transfer files between that account and my
home Ubuntu box using (either from my home box or from the other side)
rsync or scp?

I need to be able to create and kill ssh-agent as per the .zshenv entry
above.  (This was some recommended stuff from, I think, the O'Reilly
book on SSH.)

But I also need to use scp and rsync to move files and do backups and so
on.

How can I make the lines above work for me without crippling my scp and rsync
functions?



[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

Re: A few lines in .zshenv (re ssh-agent) disable scp and rsync?

[Benjamin R. Haskell]

On Mon, 27 Jun 2011, rj wrote:

> How might I resolve the fact that the presence of these lines at the 
> bottom of my .zshenv on a (NetBSD) ISP account
>
> #--------------------------------------------------------------------
> # Make sure ssh-agent dies on logout:
> trap '
>  test -n "SSH_AGENT_PID"  && eval `ssh-agent -k`
> ' 0

Why `test -n VAR` here, but `if [ "$VAR" = "" ]` below?


> # If no agent is running and we have a terminal, run ssh-agent and ssh-add:
> if [ "$SSH_AUTH_SOCK" = "" ]
> then
>  eval `ssh-agent`
>  /usr/bin/tty > /dev/null && ssh-add

Better:

tty -s && ssh-add

The -s flag means to print nothing


Better still:

[[ -t 0 ]] && ssh-add

Also avoids the use of an external program.


> fi
> #------------------------------------------------------------------
>
>
> are causing me to be unable to transfer files between that account and 
> my home Ubuntu box using (either from my home box or from the other 
> side) rsync or scp?
>
> I need to be able to create and kill ssh-agent as per the .zshenv 
> entry above.  (This was some recommended stuff from, I think, the 
> O'Reilly book on SSH.)
>
> But I also need to use scp and rsync to move files and do backups and 
> so on.
>
> How can I make the lines above work for me without crippling my scp and rsync
> functions?

You shouldn't put anything that echoes output to the terminal in a login 
profile.  That should be saved for interactive startup scripts.

In Zsh's case, that means you can solve this by simply moving those 
lines from .zshenv (which gets run for all shells, including those which 
don't accept input interactively) to .zshrc (which is only run for 
interactive shells).

For a good explanation, see:
http://blogs.oracle.com/janp/entry/how_the_scp_protocol_works#talkative_profiles

The offending commands are:
eval `ssh-agent`     -- which outputs the PID of the newly-started agent
eval `ssh-agent -k`  -- which outputs the PID of the agent it kills

So, you could also solve this by conditioning all of the ssh-agent 
actions on whether a terminal is connected:

# if stdin is a terminal (unnecessary in .zshrc)
if [[ -t 0 ]] ; then
 	# kill the ssh-agent on exit
 	trap '[[ -n "$SSH_AGENT_PID" ]] && eval `ssh-agent -k`' 0
 	# start the ssh-agent if not already started
 	[[ -z "$SSH_AGENT_PID" ]] && eval `ssh-agent`
 	# add identities to the agent
 	ssh-add
fi

-- 
Best,
Ben

Re: A few lines in .zshenv (re ssh-agent) disable scp and rsync?

[Vincent Lefevre]

On 2011-06-27 03:36:23 -0400, Benjamin R. Haskell wrote:
> You shouldn't put anything that echoes output to the terminal in a login
> profile.  That should be saved for interactive startup scripts.
> 
> In Zsh's case, that means you can solve this by simply moving those lines
> from .zshenv (which gets run for all shells, including those which don't
> accept input interactively) to .zshrc (which is only run for interactive
> shells).

Or this can be tested. For instance, I have:

[[ -o interactive ]] && echo 'zshenv...'

> So, you could also solve this by conditioning all of the ssh-agent actions
> on whether a terminal is connected:
> 
> # if stdin is a terminal (unnecessary in .zshrc)
> if [[ -t 0 ]] ; then
> 	# kill the ssh-agent on exit
> 	trap '[[ -n "$SSH_AGENT_PID" ]] && eval `ssh-agent -k`' 0
> 	# start the ssh-agent if not already started
> 	[[ -z "$SSH_AGENT_PID" ]] && eval `ssh-agent`
> 	# add identities to the agent
> 	ssh-add
> fi

It depends whether the user wants this to be executed with:

ssh -t <host> <command>

BTW, I think that on-demand ssh-add is better (i.e. running it just
before the ssh/scp/...).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)

Re: A few lines in .zshenv (re ssh-agent) disable scp and rsync?

[Russell Hoover]

On Mon 27 at 03:36 AM -0400, "Benjamin R. Haskell" <zsh@benizi.com> wrote:

> So, you could also solve this by conditioning all of the ssh-agent
> actions on whether a terminal is connected:
> 
> # if stdin is a terminal (unnecessary in .zshrc)
> if [[ -t 0 ]] ; then
> 	# kill the ssh-agent on exit
> 	trap '[[ -n "$SSH_AGENT_PID" ]] && eval `ssh-agent -k`' 0
> 	# start the ssh-agent if not already started
> 	[[ -z "$SSH_AGENT_PID" ]] && eval `ssh-agent`
> 	# add identities to the agent
> 	ssh-add
> fi


My first impulse was to use your code here, and leave it in .zshenv, so
that if it ever got copied and put somewhere else, it would have its
precautions against being output to a terminal already built in.  (I.e.,
it's self-sufficient.)

As opposed to keeping my own code and putting it in .zshrc.

But when I did the former, I discovered that when I login to the account,
I get this prompt twice, instead of once:

Enter passphrase for /net/u/5/r/rj/.ssh/id_rsa:

I use this to ssh from that account to others (only use it from a workpace
windows machine; when I'm at home, I ssh to those other accounts directly
from my home box, not from this account. From home I don't enter the
passprhrase here after having logged into the account, I just hit return.)

So for the moment at least, I've moved the code I had in .zshenv to .zshrc
and am using that.  Thanks for the education, hope I'm doing the prudent
thing, probably need to look into it a bit more & will check the link you
posted.