ssh: remove persistent socket; use macOS Keychain
* Remove persistent SSH auth socket. * Make ps|grep more robust and POSIX compliant. * On macOS, use `-A` switch to "add identities to the agent using any passphrase stored in the user's keychain."
parent
742260b55f
commit
56d0dc57f4
1 changed files with 11 additions and 15 deletions
|
@ -16,26 +16,19 @@ _ssh_dir="$HOME/.ssh"
|
|||
# Set the path to the environment file if not set by another module.
|
||||
_ssh_agent_env="${_ssh_agent_env:-${TMPDIR:-/tmp}/ssh-agent.env.$UID}"
|
||||
|
||||
# Set the path to the persistent authentication socket.
|
||||
_ssh_agent_sock="${TMPDIR:-/tmp}/ssh-agent.sock.$UID"
|
||||
|
||||
# Start ssh-agent if not started.
|
||||
# If a socket exists at SSH_AUTH_SOCK, assume ssh-agent is already running and
|
||||
# skip starting it.
|
||||
if [[ ! -S "$SSH_AUTH_SOCK" ]]; then
|
||||
# Export environment variables.
|
||||
# Try to grab previously exported environment variables.
|
||||
source "$_ssh_agent_env" 2> /dev/null
|
||||
|
||||
# Start ssh-agent if not started.
|
||||
if ! ps -U "$LOGNAME" -o pid,ucomm | grep -q -- "${SSH_AGENT_PID:--1} ssh-agent"; then
|
||||
# Do not start ssh-agent if the PID from the last start of ssh-agent exists and
|
||||
# corresponds to a running ssh-agent under the current user.
|
||||
if ! ps -U "$LOGNAME" -o pid,comm | grep -E -q -e "^[[:blank:]]*${SSH_AGENT_PID:--1}[[:blank:]].*ssh-agent$"; then
|
||||
eval "$(ssh-agent | sed '/^echo /d' | tee "$_ssh_agent_env")"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create a persistent SSH authentication socket.
|
||||
if [[ -S "$SSH_AUTH_SOCK" && "$SSH_AUTH_SOCK" != "$_ssh_agent_sock" ]]; then
|
||||
ln -sf "$SSH_AUTH_SOCK" "$_ssh_agent_sock"
|
||||
export SSH_AUTH_SOCK="$_ssh_agent_sock"
|
||||
fi
|
||||
|
||||
# Load identities.
|
||||
if ssh-add -l 2>&1 | grep -q 'The agent has no identities'; then
|
||||
zstyle -a ':prezto:module:ssh:load' identities '_ssh_identities'
|
||||
|
@ -50,11 +43,14 @@ if ssh-add -l 2>&1 | grep -q 'The agent has no identities'; then
|
|||
# program specified by SSH_ASKPASS and open an X11 window to read the
|
||||
# passphrase.
|
||||
if [[ -n "$DISPLAY" && -x "$SSH_ASKPASS" ]]; then
|
||||
ssh-add ${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}} < /dev/null 2> /dev/null
|
||||
ssh-add "${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}}" < /dev/null 2> /dev/null
|
||||
elif [[ "$OSTYPE" == darwin* ]]; then
|
||||
# macOS: `ssh-add -A` will load all identities defined in Keychain
|
||||
ssh-add -A 2> /dev/null
|
||||
else
|
||||
ssh-add ${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}} 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
# Clean up.
|
||||
unset _ssh_{dir,identities} _ssh_agent_{env,sock}
|
||||
unset _ssh_{dir,identities,agent_env}
|
||||
|
|
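Review bot: The first hunk still runs `source "$_ssh_agent_env" 2> /dev/null` on `${TMPDIR:-/tmp}/ssh-agent.env.$UID` without checking who owns that file, so removing the socket symlink leaves the other predictable shared-temp path in place. When TMPDIR is unset and /tmp is shared, a file that another local account created under that name would be executed as shell code at startup. The later `tee` cannot replace a file the user does not own, and the `2> /dev/null` hides the failure. I would guard the read with an ownership test, `[[ -O "$_ssh_agent_env" ]] && source "$_ssh_agent_env" 2> /dev/null`, or keep the file under `$_ssh_dir`, which ssh already expects to be private to the user. The enclosing `if [[ ! -S "$SSH_AUTH_SOCK" ]]` block is fully visible in this hunk, but the top of the file is not, so an earlier check may exist that I cannot see.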