Is there a convenient way to ensure that all logins from a given user (ie me) use the same ssh-agent? I hacked out a script to make this work most of the time, but I suspected all along that there was some way to do it that I had just missed. Additionally, since that time there have been amazing advances in computing technology, like for example this website.
So the goal here is that
- whenever I log in to the box, regardless of whether it's via SSH, or in a graphical session started from gdm/kdm/etc, or at a console:
- if my username does not currently have an
ssh-agent
running, one is started, the environment variables exported, andssh-add
called. - otherwise, the existing agent's coordinates are exported in the login session's environment variables.
- if my username does not currently have an
This facility is especially valuable when the box in question is used as a relay point when ssh
ing into a third box. In this case it avoids having to type in the private key's passphrase every time you ssh in and then want to, for example, do git push
or something.
The script given below does this mostly reliably, although it botched recently when X crashed and I then started another graphical session. There might have been other screwiness going on in that instance.
Here's my bad-is-good script. I source this from my .bashrc
.
# ssh-agent-procure.bash
# v0.6.4
# ensures that all shells sourcing this file in profile/rc scripts use the same ssh-agent.
# copyright me, now; licensed under the DWTFYWT license.
mkdir -p "$HOME/etc/ssh";
function ssh-procure-launch-agent {
eval `ssh-agent -s -a ~/etc/ssh/ssh-agent-socket`;
ssh-add;
}
if [ ! $SSH_AGENT_PID ]; then
if [ -e ~/etc/ssh/ssh-agent-socket ] ; then
SSH_AGENT_PID=`ps -fC ssh-agent |grep 'etc/ssh/ssh-agent-socket' |sed -r 's/^\S+\s+(\S+).*$/\1/'`;
if [[ $SSH_AGENT_PID =~ [0-9]+ ]]; then
# in this case the agent has already been launched and we are just attaching to it.
##++ It should check that this pid is actually active & belongs to an ssh instance
export SSH_AGENT_PID;
SSH_AUTH_SOCK=~/etc/ssh/ssh-agent-socket; export SSH_AUTH_SOCK;
else
# in this case there is no agent running, so the socket file is left over from a graceless agent termination.
rm ~/etc/ssh/ssh-agent-socket;
ssh-procure-launch-agent;
fi;
else
ssh-procure-launch-agent;
fi;
fi;
Please tell me there's a better way to do this. Also please don't nitpick the inconsistencies/gaffes ( eg putting var
stuff in etc
); I wrote this a while ago and have since learned many things.
Best Answer
I might as well throw my own variation into the mix:
And then every time I log in, if I want an agent attached (which I don't always), I just type
sagent
.