ssh-agent and /tmp/ssh-* removal at logout

Karl M karlm30@hotmail.com
Thu Feb 24 22:02:00 GMT 2005



>From: Jim Kleckner
>Subject: Re: ssh-agent and /tmp/ssh-* removal at logout
>Date: Wed, 23 Feb 2005 15:04:46 -0800
>
>Karl M wrote:
>
>>>From: Jim Kleckner
>>>Subject: ssh-agent and /tmp/ssh-* removal at logout
>>>Date: Wed, 23 Feb 2005 06:18:50 -0800
>>>
>>>ssh-agent leaves stale directories named /tmp/ssh-xxxx
>>>that contain the named pipe for authentication.
>>>These left over directories come about when you log out
>>>or shut down the computer without stopping ssh-agent
>>>either by running keychain to shut it down or sending it
>>>a SIGHUP to exit and clean up.
>>>
>>>Could ssh-agent catch the shutdown message and thus
>>>do the proper cleanup?  What would that entail?
>>>
>>>Jim
>>>
>>>I noticed that in Karl's script to start keychain:
>>>  http://sourceware.org/ml/cygwin/2004-03/msg00167.html
>>>that he removes any /tmp/ssh-* pre-existing and presumed
>>>stale directories left over by dead ssh-agent processes
>>>and this assumes that there is only one ssh-agent per machine.
>>>Not as good as actually getting rid of the source of the
>>>zombie directories.
>>>
>>Actually, it does not assume that there is only one ssh-agent process per 
>>machine. I routinely use it with ssh-agents processes for multiple users. 
>>The files for other users are protected so that they can not be deleted. 
>>Thus, only the current user's tmp files are deleted.
>>
>>I'm in the process of doing some clean-up work and trying out keychain 
>>2.5.1. I am also adding ${HOSTNAME}.cmd file creation for use with Windows 
>>shell scripts. If there is interest, perhaps I should offer to maintain 
>>keychain, with additional support for launching it from a service. 
>>Launching keychain from a service allows the ssh-agent process to survive 
>>logout, so you only type a passphrase once per reboot instead of once per 
>>login.
>>
>>Thanks,
>>
>>...Karl
>
>Ah, I see.  I had assumed that persons logged in with Administrator
>privileges would blow them all away.
>
>Having the service seems like a nice arrow in the quiver.
>
>I don't think I would want my personal keyring to persist
>across my sessions, though.  Kind of like leaving the key
>in the car ignition while parked.  I can see that it could be
>useful for daemon processes though.
>
>Jim
>
I use it that way all the time, but I also have a password on my 
screensaver. So I have a good tradeoff between security and convenience.

Thanks,

...Karl



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list