Add support for ssh-agent if that is installed on the system #48

Open
wants to merge 1 commit into
base: master

snaggen commented Apr 18, 2024

This patch ensures we run an ssh-agent if it is found on the system.
Note that $SSH_AGENT is deliberately unquoted to expand to nothing if no agent is found on the system.

@Drakulix (Member)

I don't think this should be handled by cosmic-session explicitly. Rather we need support for xdg-autostart.

snaggen (Author) commented Apr 18, 2024

But the ssh-agent service will only be provided to its children. So, everything that should be able to access the ssh-agent must be below it in the process tree.

If you run the ssh_agent as an auto-started process, then you would need to do some weird hack to read out the environment variable SSH_AUTH_SOCK and then propagate that in some other weird way to other processes...

So, I think cosmic-session is the place for it.

snaggen (Author) commented Apr 18, 2024

Well, actually, you have a point that just running ssh-agent like this is not optimal. If you look at how gnome does it, they are wrapping the ssh-agent process with their keyring. Then the ssh-agent is started and pointed to a specific unix socket, but they still have to initialize that from gnome session (not directly like here, but by communicating over a control socket to the gnome-keyring daemon, which will run the ssh-agent and send the environment back over that socket), to be able to set and propagate the SSH_AUTH_SOCK environment variable to the user environment.

The benefit they get from doing this, is that they then can add all the keys to the agent automatically as soon as the keyring gets unlocked, and unload the keys when the keyring is locked. Also, if the keyring needs the password to load a key, they can provide modal dialogs in the UI for authentication.

So there are quite a few things that can be won by a more advanced solution, but you will probably still run in cosmic-session one way or another. And this solution here can be seen as a simple placeholder until a more advanced solution with an ssh-aware keyring is put in place. This solution still requires a user to run ssh-add to add the keys manually, but it is better than no support at all.
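
The launch pattern discussed in this thread, as an added example that is not part of the pull request or of cosmic-session's code: the session command is started under the agent when one is installed, so `SSH_AUTH_SOCK` is inherited by everything below it, and started directly otherwise. `AGENT_NAME`, `PROBE`, `find_agent`, `run_session` and `demo` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: hypothetical launcher helper, not cosmic-session's own code.
# AGENT_NAME is an assumed override so the lookup can be pointed elsewhere.

# Prints "inherited" when the process has SSH_AUTH_SOCK in its environment.
PROBE='[ -n "${SSH_AUTH_SOCK:-}" ] && echo inherited || echo none'

# find_agent: print the agent's path, or nothing when it is not installed.
find_agent() {
    command -v "${AGENT_NAME:-ssh-agent}" 2>/dev/null || true
}

# run_session CMD [ARGS...]: run CMD under the agent when one exists.
# "ssh-agent CMD" sets SSH_AUTH_SOCK for CMD and exits when CMD terminates.
run_session() {
    SSH_AGENT=$(find_agent)
    # Deliberately unquoted: an empty value expands to zero words, leaving
    # just "$@". Quoted, it would become an empty command name and fail.
    # Caveat: an agent path containing whitespace would be split here.
    $SSH_AGENT "$@"
}

# demo: a child of run_session sees the socket variable; a process started
# without that environment (simulated here by unsetting it) does not.
demo() {
    echo "under run_session:  $(run_session sh -c "$PROBE")"
    echo "started separately: $(unset SSH_AUTH_SOCK; sh -c "$PROBE")"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Run the script with the argument `demo` to print both cases on a machine with or without ssh-agent installed.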
