reference counting in ssh-agent?
Bob Proulx
bob at proulx.com
Fri Jul 29 15:08:38 EST 2005
Rob wrote:
> In a machine that I regularly use one console and remotely I have the line:
>
> eval `ssh-agent`
>
> In my .login, as per the ssh-agent(1) man page.

Ew, yuck. Remember that is the second entry in the man page. The
first entry is the one you want. At least it is the one I want.

> Problem: when I log out, the ssh-agent process persists which is the
> correct behavior in some cases, but not in others. This means that
> periodically I have to kill off hundreds of ssh-agent processes as they
> are taking up a substantial amount of my (fairly old) machine's resources.

Yep.

> Question: is there a trivial way of fixing this problem?

Doctor, doctor, it hurts when I do this. So don't do that. :-)

The first usage synopsis in the man page is:

  ssh-agent [-a bind_address] [-c | -s] [-t life] [-d] [command [args ...]]
  ...
  If a commandline is given, this is executed as a subprocess of the agent.
  When the command dies, so does the agent.

That is the usage I prefer. Since I am running X11 most of the time
the distro I am using automatically starts the ssh-agent up as part of
the X session. When I log out, the agent exits.

  exec ssh-agent ~/.xsession

For me on my Debian system the above is automatic. But if it is not
on your system then I would start it up with my window manager as the
command.

In a ~/.xsession file.

  #!/bin/bash --login
  exec ssh-agent fvwm  # or startkde or gnome-session or whatever

Since you said ~/.login:

  #!/bin/csh -l
  exec ssh-agent fvwm  # or startkde or gnome-session or whatever

But you mentioned a console. When I need this manually from a random
command line shell window I usually run the following commands.

  exec ssh-agent $SHELL
  ssh-add

You can automate this with the following as the very last thing in
your ~/.profile (or ~/.bash_profile) so that an agent is always
available when you log into a system. Remember that the current shell
is replaced and overlaid with a new one when the 'exec' command is
run. No commands after that in the script will be run because the
shell interpreting the script no longer exists.

  ssh-add -l >/dev/null 2>&1
  if [ $? -eq 2 ] ; then
    exec ssh-agent $SHELL
  fi

When I log out, the agent exits. I never have to worry about reaping
in orphaned ssh-agents.

You said ~/.login so:

  ssh-add -l >& /dev/null
  # 2 = no agent could be contacted (1 = agent reachable but holds no keys)
  if ( $status == 2 ) then
    exec ssh-agent $SHELL
  endif

Bob
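
An audit for the leftover agents described in the question, as an added example that is not part of the original post: it lists a user's ssh-agent processes whose parent is PID 1, which is how an agent started with eval `ssh-agent` shows up in ps, while an agent wrapped around a command has that command as its parent. The function names and the sample ps lines are constructed, and it assumes detached processes are reparented to PID 1.

```shell
#!/bin/sh
# Added example (not from the original post): find detached ssh-agents.
# Assumption: a detached or orphaned agent shows parent PID 1 in ps.

# Read "pid ppid user etime comm" lines on stdin; print "pid etime" for
# each ssh-agent owned by user $1 whose parent is PID 1.
detached_agents() {
    awk -v user="$1" '
        $2 == 1 && $3 == user &&
        ($5 == "ssh-agent" || $5 ~ /\/ssh-agent$/) { print $1, $4 }
    '
}

# Same filter over the live process table (POSIX ps, headers suppressed).
# Defaults to the invoking user.
scan_detached_agents() {
    ps -e -o pid= -o ppid= -o user= -o etime= -o comm= |
        detached_agents "${1:-$(id -un)}"
}

# Constructed sample: two agents left behind by eval-style logins, one
# agent wrapped around a window manager (its parent is fvwm, PID 2210),
# and one detached agent that belongs to a different user.
sample_ps() {
    cat <<'EOF'
 1843     1 rob      12-03:14:07 ssh-agent
 2210  2201 rob         01:22:40 fvwm
 2211  2210 rob         01:22:40 ssh-agent
 3977     1 rob       2-00:05:51 /usr/bin/ssh-agent
 4102     1 alice       05:10:09 ssh-agent
EOF
}

# Demo on the constructed sample: lists PIDs 1843 and 3977 with their ages.
sample_ps | detached_agents rob
```

Run scan_detached_agents on the real machine and compare the elapsed times against your login sessions before killing anything, since an eval-style agent for a session that is still open also has parent PID 1.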