From: Lucas Gabriel Vuotto <lucas@sexy.is>
Subject: Re: Move the ssh-agent socket from /tmp to $HOME/.ssh/
To: tech@openbsd.org
Date: Tue, 29 Apr 2025 15:43:52 +0000

On Tue, Apr 29, 2025 at 03:49:45PM +0100, Stuart Henderson wrote:
> > Index: app/xenodm/config/Xsession.in
> > ===================================================================
> > RCS file: /cvs/xenocara/app/xenodm/config/Xsession.in,v
> > diff -u -p -r1.2 Xsession.in
> > --- app/xenodm/config/Xsession.in	1 Jul 2022 20:42:06 -0000	1.2
> > +++ app/xenodm/config/Xsession.in	29 Apr 2025 14:30:27 -0000
> > @@ -29,7 +29,7 @@ then
> >  	do
> >  		if [ -f "$HOME/.ssh/$k" ]; then
> >  			eval `ssh-agent -s`
> > -			ssh-add < /dev/null
> > +			ssh-add -c < /dev/null
> >  			break
> >  		fi
> >  	done
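
Review bot: The added `ssh-add -c < /dev/null` line still loads every default key at login with no lifetime, so the agent holds them for the whole session. `-c` only adds a per-use confirmation, and that confirmation is asked through an askpass program, which this hunk does not check for. Consider pairing `-c` with a lifetime (`-t`), or making the ssh-add step something a user can opt out of without editing this system-wide file, and document the new prompt behaviour.
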
> 
> This in Xsession is a bit of a problem, the desired ssh-add command
> is really down to user preferences so having to modify a system-wide
> file to change it is a nuisance. It would be nice to have a way to
> avoid running that ssh-add which is nicer than "name your keys
> something other than id_rsa id_ecdsa id_ecdsa_sk id_ed25519
> id_ed25519_sk id_dsa" ...

I'm in the "my keys reside in ~/.ssh/keys" camp too, nice to meet you. ^^

Is there a reason why the `ssh-add` is in there, other than it always was
there? I do think it's a bad idea, especially given that the keys are
added without a timeout. Is removing the ssh-add call altogether an
option?

diff /usr/xenocara
path + /usr/xenocara
commit - 598358d185b5e06513eb7f1467877d49096f4b62
blob - 28bcf8a3290b48259dc2bc1ab7018ff89dc828d9
file + app/xenodm/config/Xsession.in
--- app/xenodm/config/Xsession.in
+++ app/xenodm/config/Xsession.in
@@ -29,7 +29,6 @@ then
 	do
 		if [ -f "$HOME/.ssh/$k" ]; then
 			eval `ssh-agent -s`
-			ssh-add < /dev/null
 			break
 		fi
 	done
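
Review bot: With the `ssh-add < /dev/null` line gone, the `if [ -f "$HOME/.ssh/$k" ]` test still decides whether an agent is started at all, so a user whose keys are not stored under one of the default names gets no agent, which is the case raised earlier in this thread. The comment above this block (visible in the following diff) says "and add the key(s)" and would be stale after this change, so it should be updated in the same commit, and the loss of automatic key loading should be noted for users who relied on it.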


Or even start the agent, regardless of presence of private keys or not.
Is there something wrong with going that way?

diff /usr/xenocara
path + /usr/xenocara
commit - 598358d185b5e06513eb7f1467877d49096f4b62
blob - 28bcf8a3290b48259dc2bc1ab7018ff89dc828d9
file + app/xenodm/config/Xsession.in
--- app/xenodm/config/Xsession.in
+++ app/xenodm/config/Xsession.in
@@ -22,17 +22,9 @@ else
 	done
 fi
 
-# if we have private ssh key(s), start ssh-agent and add the key(s)
 if [ -z "$SSH_AGENT_PID" ] && [ -x /usr/bin/ssh-agent ]
 then
-	for k in id_rsa id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_dsa
-	do
-		if [ -f "$HOME/.ssh/$k" ]; then
-			eval `ssh-agent -s`
-			ssh-add < /dev/null
-			break
-		fi
-	done
+	eval `ssh-agent -s`
 fi
 
 do_exit() {
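
Review bot: The added eval line now runs for every session where `$SSH_AGENT_PID` is empty, and the removed comment gets no successor; add a one-line comment stating that the agent is started without loading any key, so the intent is clear in the file. Since this drops the automatic `ssh-add`, the behaviour change needs a note for users, and it is worth confirming that the exit path (`do_exit`) also cleans up an agent started for a user who has no keys at all.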