From 302270174d8173be35e8c1b464a0d9e731650c15 Mon Sep 17 00:00:00 2001 From: Michael Stucki Date: Sun, 1 Jul 2018 18:20:34 +0200 Subject: Use existing ssh-agent when invoking a sudo shell (#3891) When invoking a shell as root using ```sudo -s```, the ssh-agent plugin starts a new agent although it already exists. The problem boils down to a check if ssh-agent is running using ```ps x```. If that is extended to ```ps ax``` for root, then the existing ssh-agent will still work. --- plugins/ssh-agent/ssh-agent.plugin.zsh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index 20f97c6f1..fe4946c6d 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh @@ -30,7 +30,12 @@ if [[ $_agent_forwarding == "yes" && -n "$SSH_AUTH_SOCK" ]]; then elif [[ -f "$_ssh_env_cache" ]]; then # Source SSH settings, if applicable . $_ssh_env_cache > /dev/null - ps x | grep ssh-agent | grep -q $SSH_AGENT_PID || { + if [[ $USER == "root" ]]; then + FILTER="ax" + else + FILTER="x" + fi + ps $FILTER | grep ssh-agent | grep -q $SSH_AGENT_PID || { _start_agent } else -- cgit v1.2.3-70-g09d2 From fabee55948776e2e4c210e9dcd75e7bc38c02bec Mon Sep 17 00:00:00 2001 
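Review bot: In the `@@ -30,7 +30,12 @@` hunk of 302270174d, the liveness check `ps $FILTER | grep ssh-agent | grep -q $SSH_AGENT_PID` is a substring match, and with `ax` for root it now runs over every user's processes, so a cached PID of 123 is accepted when any ssh-agent with PID 1234 or 5123 exists, whoever owns it. The PID and socket come from the sourced `$_ssh_env_cache`, so a root shell ends up trusting whatever that file names; where the file lives and who can write to it is not visible here and is worth confirming. Checking the exact PID would be tighter, for example `ps -p "$SSH_AGENT_PID" -o comm= 2>/dev/null | grep -q ssh-agent`. `FILTER` is also assigned as a global and is not covered by the `unset` at the end of the plugin, so it leaks into the interactive shell; a `_`-prefixed name added to that `unset` would match the file's convention. The enclosing `if`/`elif` chain starts and ends outside the hunk.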
From: Marc Cornellà Date: Wed, 9 Jan 2019 21:19:52 +0100 Subject: ssh-agent: autoload identities not already loaded (#7174) With this PR the ssh-agent plugin checks the `ssh-add -l` output for the identities added, and adds all those specified by the user that haven't been added yet. We also decouple the logic of starting ssh-agent from the logic of adding identities, meaning that even if ssh-agent has been started by some other means (like launchd) we can still ssh-add the user's identities. Fixes #3019 Fixes #6979 --- plugins/ssh-agent/ssh-agent.plugin.zsh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index fe4946c6d..a688855d0 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh @@ -2,20 +2,27 @@ typeset _agent_forwarding _ssh_env_cache function _start_agent() { local lifetime - local -a identities - - # start ssh-agent and setup environment zstyle -s :omz:plugins:ssh-agent lifetime lifetime + # start ssh-agent and setup environment + echo starting ssh-agent... ssh-agent -s ${lifetime:+-t} ${lifetime} | sed 's/^echo/#echo/' >! $_ssh_env_cache chmod 600 $_ssh_env_cache . $_ssh_env_cache > /dev/null +} - # load identies +function _add_identities() { + local id line + local -a identities ids zstyle -a :omz:plugins:ssh-agent identities identities - echo starting ssh-agent... - ssh-add $HOME/.ssh/${^identities} + # get list of loaded identities + for line in ${(f)"$(ssh-add -l)"}; do ids+=${${(z)line}[3]}; done + + # add identities if not already loaded + for id in ${^identities}; do + [[ ${ids[(I)$HOME/.ssh/$id]} -le 0 ]] && ssh-add $HOME/.ssh/$id + done } # Get the filename to store/lookup the environment from 
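Review bot: `_add_identities` in the `@@ -2,20 +2,27 @@` hunk of fabee55948 calls `ssh-add $HOME/.ssh/$id` without a lifetime, so when identities are added to an agent the plugin did not start (the launchd case in the description), the `lifetime` zstyle that `_start_agent` passes to `ssh-agent -t` no longer bounds how long the keys stay loaded. Reading the same style in `_add_identities` would keep the setting effective: declare `local lifetime`, run `zstyle -s :omz:plugins:ssh-agent lifetime lifetime`, and call `ssh-add ${lifetime:+-t} ${lifetime} $HOME/.ssh/$id`. Separately, field 3 of `ssh-add -l` is the key's comment, which is typically the file path only when the key carries no comment of its own, so the `${ids[(I)$HOME/.ssh/$id]}` test can miss a key that is already loaded and prompt for it again.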
@@ -42,6 +49,8 @@ else _start_agent fi +_add_identities + # tidy up after ourselves unset _agent_forwarding _ssh_env_cache -unfunction _start_agent +unfunction _start_agent _add_identities -- cgit v1.2.3-70-g09d2 From 2a603856598eafc3c8a0bde80f8a885d2a81dfee Mon Sep 17 00:00:00 2001 From: François Scala Date: Mon, 14 Jan 2019 16:38:45 +0100 Subject: ssh-agent: use key signatures to check loaded ids (#7504) Use fingerprint of ssh key instead of file name to control if the key is already loaded. Also check for .ssh folder presence (#5128) --- plugins/ssh-agent/ssh-agent.plugin.zsh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index a688855d0..2a860f3aa 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh @@ -12,16 +12,28 @@ function _start_agent() { } function _add_identities() { - local id line - local -a identities ids + local id line sig + local -a identities loaded signatures zstyle -a :omz:plugins:ssh-agent identities identities - # get list of loaded identities - for line in ${(f)"$(ssh-add -l)"}; do ids+=${${(z)line}[3]}; done + # check for .ssh folder presence + if [[ ! -d $HOME/.ssh ]]; then + return + fi + + # get list of loaded identities' signatures + for line in ${(f)"$(ssh-add -l)"}; do loaded+=${${(z)line}[2]}; done + + # get signatures of private keys + for id in $identities; do + signatures+="$(ssh-keygen -lf "$HOME/.ssh/$id" | awk '{print $2}') $id" + done # add identities if not already loaded - for id in ${^identities}; do - [[ ${ids[(I)$HOME/.ssh/$id]} -le 0 ]] && ssh-add $HOME/.ssh/$id + for sig in $signatures; do + id="$(cut -f2 <<< $sig)" + sig="$(cut -f1 <<< $sig)" + [[ ${loaded[(I)$sig]} -le 0 ]] && ssh-add $HOME/.ssh/$id done } -- cgit v1.2.3-70-g09d2 From 9329efd2522b3eaba5f6d9d53e41c090eb6b3c92 Mon Sep 17 00:00:00 2001 
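Review bot: The `_add_identities` call added in the `@@ -42,6 +49,8 @@` hunk of fabee55948 sits after the closing `fi`, so it appears to run on every branch of the preceding conditional, including the one taken when agent forwarding is enabled and `$SSH_AUTH_SOCK` is already set (that branch is outside this hunk; it is visible as context in the first patch of the series). In that case the keys under this host's `$HOME/.ssh` would be loaded into the forwarded agent rather than a local one. That is a behaviour change worth a comment above the call, for example `# runs for forwarded and externally started agents too`, or a guard around the call if it is not intended.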
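Review bot: In the `@@ -12,16 +12,28 @@` hunk of 2a60385659, each fingerprint and key name are packed into one string in `signatures+=...` and split again with `cut -f1` and `cut -f2`, which only works if the separator is a literal tab; `cut` passes a line with no tab through unchanged, so `$id` and `$sig` would both be the whole string and the `${loaded[(I)$sig]}` test would never match. The whitespace on this page is collapsed, so which separator the file really has cannot be confirmed from here. The round trip can be dropped by testing inside the first loop: `sig="$(ssh-keygen -lf "$HOME/.ssh/$id" | awk '{print $2}')"` followed by `[[ ${loaded[(I)$sig]} -le 0 ]] && ssh-add $HOME/.ssh/$id`. An empty `$sig`, when `ssh-keygen` cannot read the key, currently falls through to `ssh-add`; a comment stating that this is intended would help.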
From: Andreas Date: Mon, 14 Jan 2019 16:42:14 +0100 Subject: ssh-agent: autoload identities in one go (#7507) With this PR the ssh-agent plugin loads all identities which are not yet loaded in a single call to ssh-add. If a passphrase is shared between loaded identities it only needs to be entered once. Fixes #7506 --- plugins/ssh-agent/ssh-agent.plugin.zsh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index 2a860f3aa..1cc5630e1 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh @@ -13,7 +13,7 @@ function _start_agent() { function _add_identities() { local id line sig - local -a identities loaded signatures + local -a identities loaded not_loaded signatures zstyle -a :omz:plugins:ssh-agent identities identities # check for .ssh folder presence @@ -33,8 +33,10 @@ function _add_identities() { for sig in $signatures; do id="$(cut -f2 <<< $sig)" sig="$(cut -f1 <<< $sig)" - [[ ${loaded[(I)$sig]} -le 0 ]] && ssh-add $HOME/.ssh/$id + [[ ${loaded[(I)$sig]} -le 0 ]] && not_loaded+="$HOME/.ssh/$id" done + + if [[ -n "$not_loaded" ]] && ssh-add ${^not_loaded} } # Get the filename to store/lookup the environment from -- cgit v1.2.3-70-g09d2 From 9d1dd24e3568ebbcce093bb351ea776a0bf2c0ff Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Sat, 19 Jan 2019 18:00:04 +0100 Subject: ssh-agent: add default keys if no zstyle identities were set (#7520) --- plugins/ssh-agent/ssh-agent.plugin.zsh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index 1cc5630e1..0a204309e 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh 
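Review bot: The last added line in the `@@ -33,8 +33,10 @@` hunk of 9329efd252, `if [[ -n "$not_loaded" ]] && ssh-add ${^not_loaded}`, opens an `if` that has no `then` or `fi` before the function's closing `}`, so the plugin file would fail to parse when it is sourced. Dropping the keyword gives the intended short-circuit: `[[ -n "$not_loaded" ]] && ssh-add ${^not_loaded}`. Testing the element count with `(( ${#not_loaded} ))` would state the array check more directly than `-n` on the joined string. The function body starts outside the hunk.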
@@ -21,6 +21,16 @@ function _add_identities() { return fi + # add default keys if no identities were set up via zstyle + # this is to mimic the call to ssh-add with no identities + if [[ ${#identities} -eq 0 ]]; then + # key list found on `ssh-add` man page's DESCRIPTION section + for id in id_rsa id_dsa id_ecdsa id_ed25519 identity; do + # check if file exists + [[ -f "$HOME/.ssh/$id" ]] && identities+=$id + done + fi + # get list of loaded identities' signatures for line in ${(f)"$(ssh-add -l)"}; do loaded+=${${(z)line}[2]}; done @@ -36,7 +46,7 @@ function _add_identities() { [[ ${loaded[(I)$sig]} -le 0 ]] && not_loaded+="$HOME/.ssh/$id" done - if [[ -n "$not_loaded" ]] && ssh-add ${^not_loaded} + [[ -n "$not_loaded" ]] && ssh-add ${^not_loaded} } # Get the filename to store/lookup the environment from -- cgit v1.2.3-70-g09d2 From c4948696328eab3b954932eb940ec8ec97b12906 Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Mon, 21 Jan 2019 20:31:30 +0100 Subject: ssh-agent: check for loaded id filenames first (#7521) This change makes the plugin check if an identity is loaded by looking first at the key filename reported by `ssh-add -l`. This fixes the use case where ssh-keygen is not able to output the fingerprint of a key, such as the one reported on #7516. Now, for an identity to be passed onto ssh-add, it has to fail the match for a loaded identity, both filename and signature. --- plugins/ssh-agent/ssh-agent.plugin.zsh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index 0a204309e..a7a4ee33a 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh 
@@ -13,7 +13,7 @@ function _start_agent() { function _add_identities() { local id line sig - local -a identities loaded not_loaded signatures + local -a identities loaded_sigs loaded_ids not_loaded zstyle -a :omz:plugins:ssh-agent identities identities # check for .ssh folder presence @@ -31,19 +31,19 @@ function _add_identities() { done fi - # get list of loaded identities' signatures - for line in ${(f)"$(ssh-add -l)"}; do loaded+=${${(z)line}[2]}; done - - # get signatures of private keys - for id in $identities; do - signatures+="$(ssh-keygen -lf "$HOME/.ssh/$id" | awk '{print $2}') $id" + # get list of loaded identities' signatures and filenames + for line in ${(f)"$(ssh-add -l)"}; do + loaded_sigs+=${${(z)line}[2]} + loaded_ids+=${${(z)line}[3]} done # add identities if not already loaded - for sig in $signatures; do - id="$(cut -f2 <<< $sig)" - sig="$(cut -f1 <<< $sig)" - [[ ${loaded[(I)$sig]} -le 0 ]] && not_loaded+="$HOME/.ssh/$id" + for id in $identities; do + # check for filename match, otherwise try for signature match + if [[ ${loaded_ids[(I)$HOME/.ssh/$id]} -le 0 ]]; then + sig="$(ssh-keygen -lf "$HOME/.ssh/$id" | awk '{print $2}')" + [[ ${loaded_sigs[(I)$sig]} -le 0 ]] && not_loaded+="$HOME/.ssh/$id" + fi done [[ -n "$not_loaded" ]] && ssh-add ${^not_loaded} -- cgit v1.2.3-70-g09d2 From 0f0448fa6c431cb9894e82741ec5b4dd90872ba8 Mon Sep 17 00:00:00 2001 From: Jannik <6362150+janniks@users.noreply.github.com> Date: Tue, 7 May 2019 21:21:55 +0200 Subject: ssh-agent: consolidate uppercase message (#7834) --- plugins/ssh-agent/ssh-agent.plugin.zsh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index a7a4ee33a..9471ff49c 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh 
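Review bot: In the `@@ -31,19 +31,19 @@` hunk of c494869632, the new filename test `${loaded_ids[(I)$HOME/.ssh/$id]}` short-circuits the fingerprint comparison using field 3 of `ssh-add -l`, which is the key's free-form comment rather than an identifier of the key, so any loaded key whose comment equals that path keeps the real identity from being loaded. The subscript is also matched as a pattern, so glob characters in `$HOME` or `$id` change what matches; the `e` subscript flag makes both lookups literal, `${loaded_ids[(Ie)$HOME/.ssh/$id]}` and `${loaded_sigs[(Ie)$sig]}`. A comment above the filename test saying that it exists for keys `ssh-keygen -lf` cannot fingerprint would record why the weaker check comes first. The function body starts and ends outside the hunk.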
@@ -5,7 +5,7 @@ function _start_agent() { zstyle -s :omz:plugins:ssh-agent lifetime lifetime # start ssh-agent and setup environment - echo starting ssh-agent... + echo Starting ssh-agent... ssh-agent -s ${lifetime:+-t} ${lifetime} | sed 's/^echo/#echo/' >! $_ssh_env_cache chmod 600 $_ssh_env_cache . $_ssh_env_cache > /dev/null -- cgit v1.2.3-70-g09d2 From 101ea872326211830e90d2bd01bd8506673f9d11 Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Sun, 8 Sep 2019 16:07:06 +0200 Subject: ssh-agent: check if `ssh-add -l` was successful --- plugins/ssh-agent/ssh-agent.plugin.zsh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'plugins/ssh-agent/ssh-agent.plugin.zsh') diff --git a/plugins/ssh-agent/ssh-agent.plugin.zsh b/plugins/ssh-agent/ssh-agent.plugin.zsh index 9471ff49c..6ab041c21 100644 --- a/plugins/ssh-agent/ssh-agent.plugin.zsh +++ b/plugins/ssh-agent/ssh-agent.plugin.zsh @@ -12,7 +12,7 @@ function _start_agent() { } function _add_identities() { - local id line sig + local id line sig lines local -a identities loaded_sigs loaded_ids not_loaded zstyle -a :omz:plugins:ssh-agent identities identities @@ -32,10 +32,12 @@ function _add_identities() { fi # get list of loaded identities' signatures and filenames - for line in ${(f)"$(ssh-add -l)"}; do - loaded_sigs+=${${(z)line}[2]} - loaded_ids+=${${(z)line}[3]} - done + if lines=$(ssh-add -l); then + for line in ${(f)lines}; do + loaded_sigs+=${${(z)line}[2]} + loaded_ids+=${${(z)line}[3]} + done + fi # add identities if not already loaded for id in $identities; do -- cgit v1.2.3-70-g09d2
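Review bot: The `if lines=$(ssh-add -l); then` guard in the `@@ -32,10 +32,12 @@` hunk of 101ea87232 treats every non-zero status alike, but `ssh-add` documents exit status 1 for a failed command (what `-l` returns for an agent holding no identities) and 2 for an agent that cannot be contacted. In the second case the function still goes on to build `not_loaded` and call `ssh-add`, which can only fail again. Capturing the status and returning early would avoid that: `lines=$(ssh-add -l); local ret=$?` followed by `(( ret == 2 )) && return 1`, with the existing loop run only when `ret` is 0. The rest of `_add_identities` lies outside the hunk.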