ssh-agent: improvements (#6309)

* ssh-agent: lock this script with a mkdir style mutex

This script is a kind of singleton pattern and is not reentrant.
If several shells are opened in a fast sequence, then several
independent ssh-agents would be created, which is not acceptable.
A mutex is required.

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

* ssh-agent: only start agent if .ssh dir exists

To use the same profile system-wide, it might happen
that the .ssh directory does not exist
(typically $HOME/.ssh/). This would trigger an error.

Creating the directory would be an option, but it
usually will not make sense to do so because it means
the user doesn't have ssh keys or config.

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

* ssh-agent: adds lazy option to disable key loading on start

Option is documented on updated README.md

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

* ssh-agent: simplify agent-forwarding checking

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

Co-authored-by: Robby Russell <robby@planetargon.com>
Nuno Goncalves 2021-06-12 04:03:25 +02:00 committed by GitHub
parent 02ce2c4a2f
commit a206271460
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 10 deletions


@ -19,9 +19,17 @@ To enable **agent forwarding support** add the following to your zshrc file:
zstyle :omz:plugins:ssh-agent agent-forwarding on zstyle :omz:plugins:ssh-agent agent-forwarding on
``` ```
---- To **NOT load any identities on start** use the `lazy` style.
This is particularly usefull when combined with the AddKeysToAgent
(available from OpenSSH 7.2), since it allows to enter the password only
on first use.
To **load multiple identities** use the `identities` style, For example: ```zsh
zstyle :omz:plugins:ssh-agent lazy yes
```
To **load multiple identities** use the `identities` style. This have no
effect if `lazy` is enabled.
```zsh ```zsh
zstyle :omz:plugins:ssh-agent identities id_rsa id_rsa2 id_github zstyle :omz:plugins:ssh-agent identities id_rsa id_rsa2 id_github
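Review bot: the new `lazy` paragraph names `AddKeysToAgent` but not where it is set (the user's `~/.ssh/config` or the system `ssh_config`), so a reader cannot act on the hint; add that, and fix the grammar in the `identities` paragraph, which should read "This has no effect if `lazy` is enabled" ("usefull" should also be "useful"). Since the point of `lazy` is that the agent still starts at shell launch and keys are only added when ssh first asks for them, saying so in one sentence would make the "password only on first use" remark clearer.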


@ -1,4 +1,16 @@
typeset _agent_forwarding _ssh_env_cache lockdir=/tmp/oh-my-zsh-ssh-agent.lock
while true; do
if mkdir "$lockdir" 2>/dev/null
then # directory did not exist, but was created successfully
trap 'rm -rf "$lockdir"' 0 # remove directory when script finishes
break # continue with script
else
sleep 0.1 # sleep for 0.2 and try again
fi
done
typeset _ssh_env_cache
function _start_agent() { function _start_agent() {
local lifetime local lifetime
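Review bot: the lock path `/tmp/oh-my-zsh-ssh-agent.lock` is a fixed name in a world-writable directory shared by every user, and the `while true` loop has no bound, so a directory left behind by a shell that was killed before the final `rm -rf` (or created by any other local user) blocks every new zsh on the host indefinitely. Use a per-user location such as `${XDG_RUNTIME_DIR:-/tmp}/oh-my-zsh-ssh-agent-$UID.lock` or a path under `$HOME/.ssh`, and give the loop a retry counter that gives up (and skips the agent logic) after a second or two instead of spinning forever. Two smaller points: `trap 'rm -rf "$lockdir"' 0` runs in the user's interactive shell, not in a script, so it replaces any EXIT trap the user already had and only fires when the shell exits; and the comment "sleep for 0.2" does not match `sleep 0.1`.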
@ -56,10 +68,7 @@ function _add_identities() {
# Get the filename to store/lookup the environment from # Get the filename to store/lookup the environment from
_ssh_env_cache="$HOME/.ssh/environment-$SHORT_HOST" _ssh_env_cache="$HOME/.ssh/environment-$SHORT_HOST"
# test if agent-forwarding is enabled if zstyle -t :omz:plugins:ssh-agent agent-forwarding && [[ -n "$SSH_AUTH_SOCK" ]]; then
zstyle -b :omz:plugins:ssh-agent agent-forwarding _agent_forwarding
if [[ $_agent_forwarding == "yes" && -n "$SSH_AUTH_SOCK" ]]; then
# Add a nifty symlink for screen/tmux if agent forwarding # Add a nifty symlink for screen/tmux if agent forwarding
[[ -L $SSH_AUTH_SOCK ]] || ln -sf "$SSH_AUTH_SOCK" /tmp/ssh-agent-$USERNAME-screen [[ -L $SSH_AUTH_SOCK ]] || ln -sf "$SSH_AUTH_SOCK" /tmp/ssh-agent-$USERNAME-screen
elif [[ -f "$_ssh_env_cache" ]]; then elif [[ -f "$_ssh_env_cache" ]]; then
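Review bot: `zstyle -t` returns true only for `yes`, `true`, `on` or `1` and treats an unset style as false, so this single test is a sound replacement for the `-b` lookup plus string comparison, and dropping `_agent_forwarding` is consistent with the `unset` change further down. Worth one line in the README: all four spellings are accepted for `agent-forwarding`, not just `on`, and the symlink kept in the context lines still lands at the predictable path `/tmp/ssh-agent-$USERNAME-screen`, which would be better placed under `$XDG_RUNTIME_DIR` if that code is revisited.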
@ -73,12 +82,16 @@ elif [[ -f "$_ssh_env_cache" ]]; then
ps $FILTER | grep ssh-agent | grep -q $SSH_AGENT_PID || { ps $FILTER | grep ssh-agent | grep -q $SSH_AGENT_PID || {
_start_agent _start_agent
} }
else elif [[ -d $HOME/.ssh ]]; then
_start_agent _start_agent
fi fi
_add_identities if ! zstyle -t :omz:plugins:ssh-agent lazy; then
_add_identities
fi
# tidy up after ourselves # tidy up after ourselves
unset _agent_forwarding _ssh_env_cache unset _ssh_env_cache
unfunction _start_agent _add_identities unfunction _start_agent _add_identities
rm -rf "$lockdir"
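Review bot: when `$HOME/.ssh` is missing, no agent is started, yet `_add_identities` still runs unless `lazy` is set, so it has no agent to talk to and will fail, which is the kind of error the "only start agent if .ssh dir exists" change sets out to avoid. Guard the call on an agent actually being available, for example `if [[ -n "$SSH_AUTH_SOCK" ]] && ! zstyle -t :omz:plugins:ssh-agent lazy; then`, or wrap both the agent start and the identity loading in the same `-d $HOME/.ssh` test. The trailing `rm -rf "$lockdir"` duplicates the EXIT trap installed at the top; keep one of the two, and prefer `rmdir "$lockdir"` there, since the lock is an empty directory and a recursive forced delete of a `/tmp` path is wider than the job needs.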