fix doubled agents
This commit is contained in:
Jakobus Schürz
parent
25a9657fd6
commit
e5350dc312
1 changed files with 65 additions and 30 deletions
|
|
@ -57,17 +57,23 @@ ssh_runinagent() {
|
|||
|
||||
local SSH_AUTH_SOCK
|
||||
local SSH_AGENT_PID
|
||||
local PKCS11_MODULE
|
||||
local agentfile
|
||||
local command
|
||||
local agentfile=${1}
|
||||
shift
|
||||
local sshcommand=${@}
|
||||
|
||||
logdebug "agentfile: ${agentfile}"
|
||||
logtrace "run command »$sshcommand« in agent $agentfile"
|
||||
if [ -e "$agentfile" ]; then
|
||||
/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; \
|
||||
. $agentfile >/dev/null 2>/dev/null; \
|
||||
$sshcommand"
|
||||
#/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID PKCS11_MODULE; eval $(<$agentfile) >/dev/null 2>&1; echo SSH_AUTH_SOCK ${SSH_AUTH_SOCK:-not set} >&2; $sshcommand"
|
||||
#unset SSH_AUTH_SOCK SSH_AGENT_PID PKCS11_MODULE
|
||||
. $agentfile >&2
|
||||
logdebug "SSH_AUTH_SOCK: ${SSH_AUTH_SOCK:-not set}"
|
||||
logdebug "SSH_AGENT_PID: ${SSH_AGENT_PID:-not set}"
|
||||
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||
$sshcommand
|
||||
ret=$?
|
||||
else
|
||||
logwarning "agentfile not existent"
|
||||
|
|
@ -111,26 +117,35 @@ start_or_restart_local_agent() {
|
|||
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||
for i in $(pgrep -f ${SSH_AUTH_SOCK})
|
||||
do
|
||||
logdebug "$(stat ${SSH_AUTH_SOCK})"
|
||||
logdebug "found pid: $i"
|
||||
[ -n "${SSH_AGENT_PID:+x}" ] \
|
||||
&& [ $i -eq ${SSH_AGENT_PID} ] \
|
||||
|| { logwarning "kill unused ssh-agent with pid $i"; kill $i; }
|
||||
logdebug "is SSH_AGENT_PID set?" [ -n "${SSH_AGENT_PID:+x}" ]
|
||||
logdebug "is $SSH_AGENT_PID same as found pid $i:" [ $i -eq ${SSH_AGENT_PID} ]
|
||||
${REMOTE_UNUSED_AGENTS:-false} && { [ -n "${SSH_AGENT_PID:+x}" ] && [ $i -eq ${SSH_AGENT_PID} ] || { logwarning "kill unused ssh-agent with pid $i"; kill $i; }; }
|
||||
done
|
||||
if [ -e ${ssh_socketfile} ]
|
||||
then
|
||||
case $(pgrep -f ${SSH_AUTH_SOCK}|wc -l) in
|
||||
0)
|
||||
logdebug "no ssh-agents for file ${ssh_socketfile}"
|
||||
ret=2
|
||||
ret=3
|
||||
;;
|
||||
1)
|
||||
logdebug "one running agent for file ${ssh_socketfile}. Use it"
|
||||
msg="$(ssh_runinagent $ssh_agentfile "ssh-add -l 2>&1")"
|
||||
msg="$(ssh_runinagent $ssh_agentfile "ssh-add -v -l 2>&1")"
|
||||
ret=$?
|
||||
logdebug "SSH_AUTH_SOCK: $SSH_AUTH_SOCK"
|
||||
;;
|
||||
*)
|
||||
logdebug "more than one ssh-agents for file ${ssh_socketfile}"
|
||||
return 3
|
||||
;;
|
||||
esac
|
||||
else
|
||||
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
||||
msg="$(ssh_runinagent $ssh_agentfile "ssh-add -v -l 2>&1")"
|
||||
ret=$?
|
||||
fi
|
||||
logdebug "ret: $ret"
|
||||
#msg="$(ssh-add -l 2>&1)"
|
||||
logtrace "Output from check for running agent: $msg"
|
||||
|
|
@ -142,15 +157,11 @@ start_or_restart_local_agent() {
|
|||
logdebug "agent is running, but:"
|
||||
logwarning "$msg"
|
||||
;;
|
||||
2|99)
|
||||
2|3|99)
|
||||
logdebug "former agent is not running -> start it"
|
||||
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
||||
logdebug "remove agentfile: $( rm -v -f "$ssh_agentfile" )"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
logdebug "ssh_agentfile ${ssh_agentfile} does not exist"
|
||||
fi
|
||||
#logdebug "$(ssh-agent -k)"
|
||||
logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
|
||||
logtrace "$(ssh-agent -a $ssh_socketfile ${SSH_AGENT_OPTIONS} > $ssh_agentfile )"
|
||||
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||
|
|
@ -158,6 +169,23 @@ start_or_restart_local_agent() {
|
|||
[ -n "${PKCS11_MODULE:+x}" ] && logdebug "add PKCS11_MODULE to ${ssh_agentfile}"
|
||||
[ -n "${PKCS11_MODULE:+x}" ] && echo "PKCS11_MODULE=$PKCS11_MODULE; export PKCS11_MODULE" >> ${ssh_agentfile}
|
||||
logdebug "agent started"
|
||||
;;
|
||||
4)
|
||||
logdebug "this is strange"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
logdebug "ssh_agentfile ${ssh_agentfile} does not exist"
|
||||
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
||||
logdebug "remove agentfile: $( rm -v -f "$ssh_agentfile" )"
|
||||
logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
|
||||
logtrace "$(ssh-agent -a $ssh_socketfile ${SSH_AGENT_OPTIONS} > $ssh_agentfile )"
|
||||
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||
sed '/^PKCS11_MODULE/d' ${ssh_agentfile}
|
||||
[ -n "${PKCS11_MODULE:+x}" ] && logdebug "add PKCS11_MODULE to ${ssh_agentfile}"
|
||||
[ -n "${PKCS11_MODULE:+x}" ] && echo "PKCS11_MODULE=$PKCS11_MODULE; export PKCS11_MODULE" >> ${ssh_agentfile}
|
||||
logdebug "agent started"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -183,6 +211,13 @@ EOF
|
|||
fi
|
||||
else
|
||||
logdebug "Only local agent allowed"
|
||||
if [ -e ${ssh_agentfile} -a $(grep SSH_AUTH_SOCK ${ssh_agentfile}|echo $?) ]
|
||||
then
|
||||
logdebug "agentfile exists"
|
||||
else
|
||||
logdebug "agentfile is missing -> kill all ssh-agents for socket"
|
||||
pkill -f ${ssh_socketfile}
|
||||
fi
|
||||
if [ -L ${ssh_socketfile} ]
|
||||
then
|
||||
logdebug "${ssh_socketfile} is symlinked to $(readlink -f ${ssh_socketfile}). Remove it"
|
||||
|
|
@ -253,7 +288,7 @@ logtrace " SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
|
|||
|
||||
set_and_load_identity_config ${1}
|
||||
loginfo " SSH_ADD_OPTIONS=${SSH_ADD_OPTIONS:-not set}"
|
||||
loginfo "SSH_AGENT_ALLOW_FROM_REMOTE=${SSH_AGENT_ALLOW_FROM_REMOTE:-not set}"
|
||||
loginfo "SSH_AGENT_ALLOW_FROM_REMOTE=${SSH_AGENT_ALLOW_FROM_REMOTE:-false}"
|
||||
loginfo " PKCS11_MODULE=${PKCS11_MODULE:-not set}"
|
||||
loginfo " P11M=${P11M:-not set}"
|
||||
loginfo " SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-not set}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue