Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)
On Wed, Feb 01, 2012 at 09:27:43PM +0100, Julien Cristau wrote: > On Tue, Jan 31, 2012 at 15:46:28 +0100, Vincent Lefevre wrote: > > Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks > > e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it > > is sourced before the user can get the control on the environment, > > so that there is no good workaround. > > > unset SSH_AUTH_SOCK in ~/.xsessionrc wouldn't work? As pointed out, that's a hack. More clear is this (untested) patch, which will honor STARTSSH pulled in from, e.g. .xsessionrc --- 90x11-common_ssh-agent 2017-04-24 12:56:05.131727153 +0200 +++ /etc/X11/Xsession.d/90x11-common_ssh-agent 2017-04-24 13:03:33.568948463 +0200 @@ -2,12 +2,12 @@ # This file is sourced by Xsession(5), not executed. -STARTSSH= +STARTSSH=${SSHAGENT:-} SSHAGENT=/usr/bin/ssh-agent SSHAGENTARGS= if has_option use-ssh-agent; then - if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \ + if [ -z "$STARTSSH" ] && [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \ && [ -z "$SSH2_AUTH_SOCK" ]; then STARTSSH=yes if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)
On Tue, Jan 31, 2012 at 15:46:28 +0100, Vincent Lefevre wrote: Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it is sourced before the user can get the control on the environment, so that there is no good workaround. unset SSH_AUTH_SOCK in ~/.xsessionrc wouldn't work? Cheers, Julien signature.asc Description: Digital signature
Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)
On 2012-02-01 21:27:43 +0100, Julien Cristau wrote: On Tue, Jan 31, 2012 at 15:46:28 +0100, Vincent Lefevre wrote: Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it is sourced before the user can get the control on the environment, so that there is no good workaround. unset SSH_AUTH_SOCK in ~/.xsessionrc wouldn't work? There are several problems with that. First, it should be done conditionally with some heuristics, because SSH_AUTH_SOCK could have been set in some other way, e.g. by a possible login shell (if X was started from the command line). Another problem is that unset SSH_AUTH_SOCK won't kill the agent, leaving a useless process. eval `ssh-agent -k` is probably the correct command. Also, in case of some future bug in ssh-agent, the X environment might no longer be started because ssh-agent is the controlling process instead of being a child of the session process; this makes the system more sensitive to failures. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120202002542.go3...@xvii.vinc17.org
Bug#658124: x11-common: Xsession should not start ssh-agent (should be a user-level choice)
Package: x11-common Version: 1:7.6+11 Severity: normal By default, due to use-ssh-agent in /etc/X11/Xsession.options and /etc/X11/Xsession.d/90x11-common_ssh-agent, Xsession starts ssh-agent (as a user process). However this may clash with the user settings[*] and even not, it may be a useless process. Xsession should not start ssh-agent, or this should be controlled by a user-level option, not by an admin-level one such as in /etc/X11/Xsession.options. Anyway if the user wants to start ssh-agent, this is already possible via his .xsession file in a more flexible way. Note: /etc/X11/Xsession.d/90x11-common_ssh-agent does some checks e.g. by testing whether $SSH_AUTH_SOCK is set, but unfortunately it is sourced before the user can get the control on the environment, so that there is no good workaround. [*] For instance, I have a system to share the ssh-agent between sessions (X / ssh to the machine / screen). The fact that $SSH_AUTH_SOCK is set makes it believe that ssh-agent was already started with this system. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages x11-common depends on: ii debconf [debconf-2.0] 1.5.41 ii lsb-base 3.2-28.1 x11-common recommends no packages. x11-common suggests no packages. -- debconf information: x11-common/xwrapper/allowed_users: Console Users Only x11-common/xwrapper/actual_allowed_users: console -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120131144628.ga7...@ypig.lip.ens-lyon.fr