Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Backgrounding part of 'ssh-agent $cmd'

X-seq: zsh-users 17584
From: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
To: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
Subject: Re: Backgrounding part of 'ssh-agent $cmd'
Date: Fri, 18 Jan 2013 16:13:22 +0200
Cc: zsh-users@xxxxxxx
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= daniel.shahaf.name; h=date:from:to:cc:subject:message-id :references:mime-version:content-type:in-reply-to; s=mesmtp; bh= 1iVfgbo16px+6z6S4SjGbbmqb0M=; b=NdVJR+AY9aC9jUB8EqcipOQpBRO6nFED qiBeOB6sibBhWdpcGGUCliPtkZB9rf1vQ+oGRU2rAmYuy+rVuscgirJ6UB8pzne0 2YE2WNqPbgHz1o+qCAuT+FGsaY1fyJbsDkuUmqVc1nq11+7kwwVD1GXKSRALlRNG CqFsv1PuoG4=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:to:cc:subject:message-id :references:mime-version:content-type:in-reply-to; s=smtpout; bh=1iVfgbo16px+6z6S4SjGbbmqb0M=; b=hSnr9IZy7lQRWhSb/cJF6UED2Vma LBd4m+DAKfbhQznow09oIQg1AMQsT1KTbmXlZEI/oze8lEeA1GnwI5TJSqq05xMD f+apzhxtjWLl3/LHxiPxTUu+pMuopY65mEkUvn3maF8V+TdxcSNRNK5pV4dZbXx8 mgMrrrarDUr7pF0=
In-reply-to: <130117232602.ZM23841@torch.brasslantern.com>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
References: <20130116065951.GA2992@lp-shahaf.local> <130116093514.ZM19656@torch.brasslantern.com> <20130118061845.GC3024@lp-shahaf.local> <130117232602.ZM23841@torch.brasslantern.com>

Bart Schaefer wrote on Thu, Jan 17, 2013 at 23:26:02 -0800:
> I'm glad my suggestion answered your question, but I don't think that I
> have solved your actual problem.  Wandering a bit afield of zsh here ...
> 

The part that I find less than ideal so far is that, under load, the GUI
ssh-askpass dialog appears after foo_main has started.  It's a problem,
not because of the ordering (it's not a problem even to run
foo_ssh_preseed only after foo_main has started), but because my "enter
ssh pw, enter foo_main pw" muscle memory gets bypassed.

> On Jan 18,  8:18am, Daniel Shahaf wrote:
> }
> } Yes, and yes my distribution sets up a session-global ssh-agent
> } instance.  Using a separate agent was a means to an end: not having the
> } ssh keys decrypted in memory whilst the laptop is hibernating.
> 
> I'm not sure you've actually accomplished that.  From what you've
> described, you're counting on the set of ssh created in foo_ssh_preseed
> to exit because the network connections time out while the laptop sleeps?
> 

Indeed.

> That means "ssh-add -D" doesn't run until the laptop *wakes up again*
> and the "wait" in foo_ssh_preseed returns.  The agent's memory state
> is dumped in the hibernate data with the keys still loaded.  Boot from
> removable media and that data could be mined.  Am I missing something?
> 

'ssh -MNf' daemonizes itself, so foo_ssh_preseed takes about 5 seconds
from start to finish.

<OT>The daemons open and keep open SSH TCP connections, so that subsequent
interactive 'ssh host1' commands don't need to do the TCP handshake and
SSH authentication handshake --- which speeds them up.  This relies on
ControlPath (and maybe ServerAliveInterval) being set in ~/.ssh/config.</OT>

I'd tell you exactly how long foo_ssh_preseed takes, but time(1zsh)
doesn't work on functions:

% zsh -fc 'time () { sleep 1 } ' 
% zsh -fc 'f(){ sleep 1 } ; time f'  

> You would need Christian's suspend-hook idea to get "ssh-add -D" to
> run before the laptop hibernates.  In which case you might as well
> use the session-global agent ...

Thanks,

Daniel

Follow-Ups:
- Re: Backgrounding part of 'ssh-agent $cmd'
  - From: Bart Schaefer

References:
- Backgrounding part of 'ssh-agent $cmd'
  - From: Daniel Shahaf
- Re: Backgrounding part of 'ssh-agent $cmd'
  - From: Bart Schaefer
- Re: Backgrounding part of 'ssh-agent $cmd'
  - From: Daniel Shahaf
- Re: Backgrounding part of 'ssh-agent $cmd'
  - From: Bart Schaefer

Messages sorted by: Reverse Date, Date, Thread, Author