KDE ssh-agent

Mike -- EMAIL IGNORED m_d_berger_1900 at yahoo.com
Fri Aug 31 20:57:06 UTC 2007


> Mike -- EMAIL IGNORED wrote:
>> On Thu, 30 Aug 2007 16:46:28 -0400, Todd Zullinger wrote:
>> 
>> [...]
>>> Yep, after you scratch your head for half an hour wondering why things
>>> have broken.  :)
>> 
>> Well, then, what might be broken?  Is the agent provided for something
>> other than my "convenience"?
> 
> I just meant that if you tweak the script and then it gets updated via
> yum or whatever, you may end up scratching your head for a bit before
> you realize that the tweak you made several months ago got overwritten. At
> least, that's what happens to me. :)

Yes, I see your point -- another nuisance.

> 
>>> What is it that breaks by having ssh agent started automatically?
>>>
>>>
>> My script checks for a preexisting agent, and if it finds one, it
>> assumes it is one I created and tries to add a key to it.  However, if
>> the system created an agent, other things I put in place when I create
>> the agent are not there, and I get a failure report.
> 
> Okay.  So obviously the best thing to work with your scripts currently
> will be if SSH_AGENT_PID is set so that when the xinitrc-common script
> checks for it, it's already set.  I haven't made time to log out and
> test that yet.  Have you tried it to see if that will work?

Yes, I could preset SSH_AGENT_PID -- as long as someone does not
change the script.

> 
> Also, might it not be more robust (and better in the long term) if your
> script checked for the things you put in place when you start an
> ssh-agent?  That way it wouldn't matter whether the agent was started by
> xinitrc-common or you.

Did they use my preferred options in creating the agent?

> 
> At what point do you start your agent?  If it's after the xinit scripts
> would be starting it, then doesn't that leave you unable to use the
> agent conveniently from some processes started in your X session?

I start the agent by hand execution of the script only when I intend
to use it.  The script reads encrypted keys from removable media,
which is usually not present.

> 
>> I am reminded of the air conditioning in our family cars.  I have a
>> 1999 Camry.  It has an excellent AC system.  When I want more wind, I
>> turn the fan-speed knob.  Now my wife has a 2003 Camry.  When it
>> decides I should have more wind, it turns up the fan... I dread the day
>> I will have to shop for a new car.  If I wanted a system to
>> transparently decide things like "I should have an ssh-agent", I would
>> use Microsoft (may we be protected from the evil eye). ;)
> 
> I understand that concern.  There's also the view that it's nice to have
> some common things handled so that every user doesn't need to reinvent
> the wheel.  I used to always patch the x startup scripts precisely to
> add ssh-agent, so I was happy when that change got added.

It is only nice if it is easily visible and controllable.  As can be seen
above, my use of agents is different than yours.

> 
> Unless it turns out that you can't set your own SSH_AGENT_PID variable
> before the xinitrc-common script runs, you should be able to easily work
> with the current startup scripts to not start an agent for you, if you
> prefer not to.  And if not, then you can almost as easily modify the
> xinitrc-common script to not start an agent.

This last suggestion remains my favorite.

> 
> If the latter case is true, then it might be worth submitting a patch to
> make the xinitrc-common script check for something user controlled
> (file, variable, etc.) which would allow you to tell it not to start an
> agent for you.
> 
[...]

Yes.  My suggestion is that by default, it be disabled.  It might also
be added to the install dialog (hopefully in terms that most reasonably
well educated users could understand without web-search, which presently
is the case for only a minority of the options).

To whom do I present my suggestion, or have I just done it? :)

Thanks again,
Mike.
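
The suggestion quoted above, that the script check for the things it put in place rather than assume any running agent is its own, can be sketched as follows. This is an added example, not part of the original message and not the poster's script; the state file path and the function names `record_agent` and `classify_agent` are hypothetical, and it assumes the user's start script records the PID and socket of the agent it launched.

```shell
#!/bin/sh
# Added example: tell an agent started by your own script apart from one
# started elsewhere (for instance by the X startup scripts).
# Assumption: STATE_FILE is a private file written only by your own script.
STATE_FILE="${AGENT_STATE_FILE:-$HOME/.ssh/my-agent.state}"   # hypothetical path

# Call right after starting your own agent: stores "pid socket" on one line,
# readable only by the owner.
record_agent() {
    ( umask 077; printf '%s %s\n' "$1" "$2" > "$STATE_FILE" )
}

# Prints one of:
#   none    - no agent variables set, or the recorded process is not running
#   mine    - environment matches what record_agent stored
#   foreign - a live agent that this script did not start
classify_agent() {
    [ -n "${SSH_AGENT_PID:-}" ] && [ -n "${SSH_AUTH_SOCK:-}" ] || { echo none; return; }
    # kill -0 sends no signal; it only tests that the process exists and is ours.
    kill -0 "$SSH_AGENT_PID" 2>/dev/null || { echo none; return; }
    if [ -r "$STATE_FILE" ]; then
        read -r rec_pid rec_sock < "$STATE_FILE"
        if [ "$rec_pid" = "$SSH_AGENT_PID" ] && [ "$rec_sock" = "$SSH_AUTH_SOCK" ]; then
            echo mine
            return
        fi
    fi
    echo foreign
}
```

A key-loading script would add keys only when `classify_agent` prints `mine`, and on `foreign` either start its own agent or stop with a clear message instead of failing later.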



