The ssh-agent plugin now adds all files in `~/.ssh/` that start with
`-----BEGIN OPENSSH PRIVATE KEY-----`, regardless of their name.
This fixes an issue where the plugin was only adding keys with hardcoded names.
This change ensures that any valid OpenSSH private key will be added
to the ssh-agent, improving compatibility and flexibility for users
with custom key names.
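
As an added example (not the plugin's own code), the header rule described in the commit message above can be used to preview which files in a directory would be treated as keys before an agent loads them. The function name `list_openssh_private_keys` and the choice to ignore dotfiles are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not taken from the ssh-agent plugin.
# Usage: list_openssh_private_keys "$HOME/.ssh"

OPENSSH_KEY_HEADER='-----BEGIN OPENSSH PRIVATE KEY-----'

# Print, one per line, every regular file in directory $1 whose first line
# is exactly the OpenSSH private key header. The file name plays no role.
# Returns 1 if $1 is not a directory, 0 otherwise.
list_openssh_private_keys() {
    dir=$1
    [ -d "$dir" ] || return 1
    # Assumption: dotfiles are not considered, as with a plain "*" glob.
    for f in "$dir"/*; do
        # An unmatched glob stays literal; -f also rejects directories.
        [ -f "$f" ] && [ -r "$f" ] || continue
        first=
        # read returns non-zero when the file has no trailing newline but
        # still fills $first, so its exit status is deliberately ignored.
        IFS= read -r first < "$f" || :
        # Public keys, config files and other PEM types (for example
        # "BEGIN RSA PRIVATE KEY") fail this comparison and are skipped.
        [ "$first" = "$OPENSSH_KEY_HEADER" ] && printf '%s\n' "$f"
    done
    return 0
}
```

Because the match is on content rather than name, a backup copy or an exported key left in the directory is listed as well, which makes the output useful for reviewing what a content-based loader would hand to `ssh-add`.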
* ssh-agent: lock this script with a mkdir style mutex
This script is a kind of singleton pattern and is not reentrant.
If several shells are opened in a fast sequence, then several
independent ssh-agents would be created, which is not acceptable.
A mutex is required.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
* ssh-agent: only start agent if .ssh dir exists
To use the same profile system-wide, it might happen
that the .ssh directory does not exist
(typically $HOME/.ssh/). This would trigger an error.
Creating the directory would be an option, but it
usually will not make sense to do so because it means
the user doesn't have ssh keys or config.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
* ssh-agent: adds lazy option to disable key loading on start
Option is documented on updated README.md
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
* ssh-agent: simplify agent-forwarding checking
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Co-authored-by: Robby Russell <robby@planetargon.com>
This change makes the plugin check if an identity is loaded by looking
first at the key filename reported by `ssh-add -l`. This fixes the use
case where ssh-keygen is not able to output the fingerprint of a key,
such as the one reported on #7516.
Now, for an identity to be passed onto ssh-add, it has to fail the
match for a loaded identity, both filename and signature.
With this PR the ssh-agent plugin loads all identities which are not yet
loaded in a single call to ssh-add. If a passphrase is shared between
loaded identities it only needs to be entered once.
Fixes #7506
With this PR the ssh-agent plugin checks the `ssh-add -l` output for the
identities added, and adds all those specified by the user that haven't been
added yet.
We also decouple the logic of starting ssh-agent from the logic of adding
identities, meaning that even if ssh-agent has been started by some other means
(like launchd) we can still ssh-add the user's identities.
Fixes #3019
Fixes #6979
When invoking a shell as root using `sudo -s`, the ssh-agent plugin
starts a new agent although it already exists.
The problem boils down to a check if ssh-agent is running using
`ps x`. If that is extended to `ps ax` for root, then the
existing ssh-agent will still work.
On systems where the shell cannot be changed because of a strict
security policy, ssh-agent will use the syntax of whatever the
default $SHELL is.
For instance, if the default shell is tcsh, ssh-agent will use the
c-shell style (setenv).
This change forces ssh-agent to use bourne-style syntax since that
has to be later interpreted by zsh. Consequently, the environment
file will contain `export' statements from now on (instead of
`setenv').
On an OS X laptop, the variable `$HOST` changes a lot depending
on what wifi network you're connected to. This causes a lot
of `~/.ssh/environment-$HOST` files to be created and
causes multiple ssh-agents to be created.
Instead, use `scutil --get ComputerName` to get something
more stable.
By default, ssh-agent stores identities forever. It has an option to
set a maximum lifetime for identities (useful to expire passphrase protected
keys). Allow this option to be set using:

    zstyle :omz:plugins:ssh-agent lifetime <time>