SCIENTIFIC-LINUX-DEVEL Archives

April 2005

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From: Brett Viren <[log in to unmask]>
Reply To: Brett Viren <[log in to unmask]>
Date: Thu, 21 Apr 2005 09:44:17 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (81 lines)

Gerald Teschl <[log in to unmask]> writes:

> most of our boxes are used by visitors. For every visitor logging in
> and out I have about 1-2 ssh-agent processes which keep running plus
> a number of gnome processes (gconf, bonobo, evolution, ...)

Can't speak to the gnome stuff but the other is most likely due to
improper ssh-agent usage (user error).  There are two solutions:

 - Encourage the users to kill the agent in their .logout (tcsh) or
 .bash_logout (bash) scripts.

 - Encourage the users to not start the agent in .login/.profile but
 rather start/stop it in .xinitrc (or .Xsession if using [XGK]DM).

Here is a chunk from our experiment's docs that gives the details:

Get an ssh-agent to run in your interactive sessions
There are a number of ways to make your use of SSH keys easier. Without them you will have to type in your pass phrase every time you access the repository. It will quickly become obvious that it is worth the effort to set up one of these two methods:

    * Create a per-shell agent:
      To get an ssh-agent running in your interactive sessions put this in your shell setup file:

   # For tcsh this goes in $HOME/.login
   if ( ! $?SSH_AUTH_SOCK ) then
      eval `ssh-agent -c`
      ssh-add
   endif

   # For bash this goes in $HOME/.bash_profile (or similar)
   # $HOME/.profile
   if [ -z "$SSH_AUTH_SOCK" ] ; then
      eval `ssh-agent -s`
      ssh-add
   fi

      This will start the ssh-agent.

      To kill the ssh-agent when you're done put this in your shell's logout file ($HOME/.logout for tcsh, $HOME/.bash_logout for bash):

   ssh-agent -k

    * Create a per-X-session agent:
      An alternative to the above is to start and stop the ssh-agent with your X session. This is done by adding the following code into your .Xclients, .xinitrc or .xsession files.


#!/bin/sh
# (can use /bin/sh even if your interactive shell is tcsh)

# Start the SSH agent which can hold your keys in memory

eval `ssh-agent -s`


# Call ssh-add to add some keys.  Redirecting stdin from /dev/null
# should trigger the use of a graphical password asker (ssh-askpass).
# See the man page for ssh-add for more details.  Instead of putting
# this here, you can add this in your Desktop (eg, GNOME/KDE) session
# startup area.

ssh-add < /dev/null


# Here add any other X initialization, like starting some X clients
# or window manager or desktop.  The below is an example for GNOME.

gnome-session



# When reaching here, the desktop/window manager has shut down, so kill
# off the agent.  Doing the "eval" clears out the environment
# variables created when the agent was first started.

eval `ssh-agent -k`


-------------

-Brett.
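
Added example, not part of the original message or the experiment's docs: in the per-shell method the login file starts an agent only when SSH_AUTH_SOCK is unset, but the logout file's `ssh-agent -k` kills whatever agent SSH_AGENT_PID names, including one inherited from an X session by a login shell opened in a terminal. The sketch below records which shell started the agent so that only that shell kills it. The function names, AGENT_OWNER_PID and SSH_AGENT_CMD are invented for this example.

```shell
# Added example for bash/sh login files; not from the original message.
# agent_start, agent_owned, agent_stop, AGENT_OWNER_PID and SSH_AGENT_CMD
# are names invented here. SSH_AGENT_CMD only lets a test substitute a stub.

# Start an agent only when none is reachable, and record this shell's PID
# as the owner so that only this shell will kill it later.
agent_start() {
    if [ -n "${SSH_AUTH_SOCK:-}" ]; then
        return 0    # inherited or forwarded agent: use it, do not claim it
    fi
    _agent_env=$(${SSH_AGENT_CMD:-ssh-agent} -s) || return 1
    eval "$_agent_env" >/dev/null
    AGENT_OWNER_PID=$$
    export AGENT_OWNER_PID
    unset _agent_env
}

# True only in the shell that started the agent. A nested login shell
# inherits AGENT_OWNER_PID, but its own $$ differs, so it is not the owner.
agent_owned() {
    [ -n "${SSH_AGENT_PID:-}" ] && [ "${AGENT_OWNER_PID:-}" = "$$" ]
}

# Kill the agent only if this shell owns it; otherwise leave it running.
agent_stop() {
    agent_owned || return 0
    _agent_env=$(${SSH_AGENT_CMD:-ssh-agent} -k) || return 1
    eval "$_agent_env" >/dev/null
    unset AGENT_OWNER_PID _agent_env
}

# Define the functions in $HOME/.bash_profile, then:
#   in $HOME/.bash_profile:  agent_start && agent_owned && ssh-add
#   in $HOME/.bash_logout:   agent_stop
```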
