Gordon Messmer wrote:
On 03/29/2013 08:19 AM, m.roth@5-cent.us wrote:
Well, no. If you look at the stock /etc/X11/xinit/xinitrc-common, at the bottom of the file, that's where it sets this stuff. As I said, we *have* to use the compiled from more recent versions of ssh, because the current stock version doesn't support US gov't PIV cards for authentication.
And doing this, I only get one agent, and it gets killed automagically when I log out, as expected.
I understand that. I'm just trying to point out that if you set the SSH_AGENT variable, it should be much less complex than it sounds in your description. ssh-agent runs the shell as a child, and exits when the session does. There's no "killing" involved.
<snip>
I've finally got it working. First, I create that file /etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh, whose contents are

    #!/bin/sh
    exec -l $SHELL -c "$SSH_AGENT gnome-session"

Now, I do *not* have a clue of the impact of not letting gnome-keyring-agent run. If someone here does, feel free to discuss it, and let me know if I *can* just chmod -x.
Anyway, my hack which works neatly is to create a three line shell script that goes into the user's .<shellrc> file, whose contents are:

    #!/bin/sh
    # PID of the running PIV-capable agent
    export SSH_AGENT_PID=`ps -fu $USER | awk '($0 ~ /\/usr\/bin\/piv-ssh-agent/) { print $2;}'`
    # ssh reads the agent socket path from SSH_AUTH_SOCK
    export SSH_AUTH_SOCK=`awk '($0 ~ /\/tmp\/ssh-/ ) { print $NF;}' /proc/$SSH_AGENT_PID/net/unix`

It's a hack, but a clean hack, and I'm not wasting more hours, and my user is up and running.
mark
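
Added example, not part of the original thread: /proc/<pid>/net/unix lists every UNIX socket in the network namespace rather than only that process's own, so a lookup like the one above can return several paths, including other users' agents. This sketch filters the table and accepts a socket only if the current user owns it. The function names, the /tmp/ssh-XXXX/agent.<pid> naming and the sample table are assumptions made for the example.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Constructed sample in /proc/net/unix format: two agent sockets, one X11
# socket, and one unnamed socket with no path column.
sample_unix_table() {
cat <<'EOF'
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 18231 /tmp/ssh-AbCdEf1234/agent.2201
0000000000000000: 00000002 00000000 00010000 0001 01 18999 /tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 20417 /tmp/ssh-ZyXwVu9876/agent.3310
0000000000000000: 00000003 00000000 00000000 0001 03 20500
EOF
}

# Read a unix socket table on stdin and print every path that has the
# assumed ssh-agent shape, one per line. There may be more than one.
agent_socket_candidates() {
    awk '$NF ~ "^/tmp/ssh-[^/]+/agent\\.[0-9]+$" { print $NF }'
}

# Accept a candidate only if it is a socket owned by the current user and
# sits in a directory owned by the user with mode 700 (GNU stat assumed).
socket_is_mine() {
    sock=$1
    dir=$(dirname "$sock")
    [ -S "$sock" ] && [ -O "$sock" ] && [ -O "$dir" ] || return 1
    [ "$(stat -c %a "$dir")" = "700" ]
}

# Export the first candidate from stdin that passes the ownership check.
# Returns 1, leaving the environment untouched, when none qualifies.
select_agent_socket() {
    for s in $(agent_socket_candidates); do
        if socket_is_mine "$s"; then
            SSH_AUTH_SOCK=$s
            export SSH_AUTH_SOCK
            return 0
        fi
    done
    return 1
}

# Usage from a shell rc file: select_agent_socket < /proc/net/unix
```
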