Date: Fri, 18 Jan 2013 08:18:45 +0200
From: Daniel Shahaf
To: Bart Schaefer
Cc: zsh-users@zsh.org
Subject: Re: Backgrounding part of 'ssh-agent $cmd'
Message-ID: <20130118061845.GC3024@lp-shahaf.local>

Bart Schaefer wrote on Wed, Jan 16, 2013 at 09:35:14 -0800:
> On Jan 16, 8:59am, Daniel Shahaf wrote:
> } Subject: Backgrounding part of 'ssh-agent $cmd'
> }
> } More specifically, my workflow involves establishing several 'ssh -MNf'
> } connections every morning
>
> Are you running this on an Xorg desktop? Some Xorg distributions set
> up ssh-agent directly under the session manager so all applications
> on the desktop use the same agent. Unless you specifically need to
> run a separate agent for this, you might check whether one is already
> available.

Yes, and yes my distribution sets up a session-global ssh-agent instance.
Using a separate agent was a means to an end: not having the ssh keys
decrypted in memory whilst the laptop is hibernating.

> I source a file from my .zlogin that looks like this
> (details elided):
>
>     (( SSH_AGENT_PID )) || return 0
>     [[ $(ssh-add -L) = *"no identities"* ]] || return 0
>     ssh-add ...
>
> The ssh-add command in this setup is clever enough to invoke zenity or
> gdialog or the equivalent to pop up a window for the password. Have
> you tried something like
>
>     ssh-add ~/.ssh/foo.id_rsa >& .ssh-add-errors
>
> to see if it finds some other way to prompt you? If that works, then
> you can just background the entire foo_ssh_preseed call, whether or
> not you already have an ssh-agent for the desktop session.

Yes, 'ssh-add ~/.ssh/foo.id_rsa

So, combining your and Christian's inputs, it appears I have two options:

- Add the key to the global agent at login (or after hibernate), and
  install a suspend- or screensaver- hook that clears the agent.

- Retain my current code, with the following modification:
  * 'ssh-add foo.id_rsa' -> 'ssh-add foo.id_rsa 'foo_ssh_preseed &'

I've tried the second approach and it appears to work as intended: I get
prompted for my SSH password (graphically), then foo_ssh_preseed runs in
the background (dumping stderr to foreground) and foo_main proceeds in
the foreground.
Which is what I was after; thank you.

Thanks also to Christian for the pointers to the suspend- and screensaver-
hooks --- I haven't tried them yet, but they represent a viable alternative.

Cheers

Daniel
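
The first option in the message above (a suspend or screensaver hook that clears the agent) could look like the following. This is an added example, not code from the thread. The function names, the `pre`/`post` argument convention and the `SSH_ADD` override are assumptions, and the hook is assumed to run inside the user's session, where `SSH_AUTH_SOCK` points at the agent.

```shell
#!/bin/sh
# Added example: clear decrypted keys from ssh-agent before the machine sleeps.
# SSH_ADD is a hypothetical override so the logic can be exercised with a stub.
SSH_ADD=${SSH_ADD:-ssh-add}

# agent_state prints one of:
#   loaded - agent reachable and holding at least one identity
#   empty  - agent reachable, no identities
#   none   - no agent socket, or agent not reachable
# It relies on the documented exit status of 'ssh-add -l':
#   0 = success, 1 = command failed (no identities), 2 = cannot contact agent.
agent_state() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo none; return 0; }
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

# flush_agent removes every identity and then verifies that the agent is
# really empty, so a failed flush is reported instead of silently ignored.
flush_agent() {
    [ "$(agent_state)" = loaded ] || return 0   # nothing to clear
    "$SSH_ADD" -D >/dev/null 2>&1 || return 1
    [ "$(agent_state)" = empty ]
}

# on_sleep_event PHASE
#   pre  - about to suspend/hibernate or lock the screen: drop the keys
#   post - resumed: do nothing; the user re-adds keys with ssh-add on demand
on_sleep_event() {
    case ${1:-} in
        pre) flush_agent ;;
        *)   return 0 ;;
    esac
}

# When installed as a hook script, dispatch on the first argument.
[ $# -eq 0 ] || on_sleep_event "$1"
```

Already-established 'ssh -MNf' master connections stay up after the flush; only the decrypted keys held by the agent are removed.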