From: Daniel Shahaf <d.s@daniel.shahaf.name>
To: Bart Schaefer <schaefer@brasslantern.com>
Cc: zsh-users@zsh.org
Subject: Re: Backgrounding part of 'ssh-agent $cmd'
Date: Fri, 18 Jan 2013 08:18:45 +0200
Message-ID: <20130118061845.GC3024@lp-shahaf.local>
In-Reply-To: <130116093514.ZM19656@torch.brasslantern.com>

Bart Schaefer wrote on Wed, Jan 16, 2013 at 09:35:14 -0800:
> On Jan 16, 8:59am, Daniel Shahaf wrote:
> } Subject: Backgrounding part of 'ssh-agent $cmd'
> }
> } More specifically, my workflow involves establishing several 'ssh -MNf'
> } connections every morning
>
> Are you running this on an Xorg desktop? Some Xorg distributions set
> up ssh-agent directly under the session manager so all applications
> on the desktop use the same agent. Unless you specifically need to
> run a separate agent for this, you might check whether one is already
> available.

Yes, and yes my distribution sets up a session-global ssh-agent
instance. Using a separate agent was a means to an end: not having the
ssh keys decrypted in memory whilst the laptop is hibernating.

> I source a file from my .zlogin that looks like this
> (details elided):
>
> (( SSH_AGENT_PID )) || return 0
> [[ $(ssh-add -L) = *"no identities"* ]] || return 0
> ssh-add ...
>
> The ssh-add command in this setup is clever enough to invoke zenity or
> gdialog or the equivalent to pop up a window for the password. Have
> you tried something like
>
> ssh-add ~/.ssh/foo.id_rsa </dev/null >>& .ssh-add-errors
>
> to see if it finds some other way to prompt you? If that works, then
> you can just background the entire foo_ssh_preseed call, whether or
> not you already have an ssh-agent for the desktop session.

Yes, 'ssh-add ~/.ssh/foo.id_rsa </dev/null' does prompt
me with a GUI window.

So, combining your and Christian's inputs, it appears I have two options:
- Add the key to the global agent at login (or after hibernate), and
  install a suspend- or screensaver- hook that clears the agent.

- Retain my current code, with the following modification:
  * 'ssh-add foo.id_rsa' -> 'ssh-add foo.id_rsa </dev/null'
  * 'foo_ssh_preseed' -> 'foo_ssh_preseed &'

I've tried the second approach and it appears to work as intended: I get
prompted for my SSH password (graphically), then foo_ssh_preseed runs in
the background (dumping stderr to foreground) and foo_main proceeds in
the foreground.

Which is what I was after; thank you.

Thanks also to Christian for the pointers to the suspend- and
screensaver- hooks --- I haven't tried them yet, but they represent
a viable alternative.

Cheers

Daniel