Gordon Messmer wrote: > On 03/29/2013 08:19 AM, m.roth at 5-cent.us wrote: >> >> Well, no. If you look at the stock /etc/X11/xinit/xinitrc-common. at the >> bottom of the file, that's where it sets this stuff. As I said, we >> *have* to use the compiled from more recent versions of ssh, because the >> current stock version doesn't support US gov't PIV cards for authentication. >> And doing this, I only get one agent, and it gets killed automagically when >> I log out, as expected. > > I understand that. I'm just trying to point out that if you set the > SSH_AGENT variable, it should be much less complex than it sounds in > your description. ssh-agent runs the shell as a child, and exits when > the session does. There's no "killing" involved. <snip> I've finally got it working. First, I create that file /etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh, whose contents are #!/bin/sh exec -l $SHELL -c "$SSH_AGENT gnome-session" Now, I do *not* have a clue of the impact of not letting gnome-keyring-agent run. If someone here does, feel free to discuss it, and let me know if I *can* just chmod -x. Anyway, my hack which works neatly is to create a three line shell script that goes into the users .<shellrc> file, whose contents are: #!/bin/sh export SSH_AGENT_PID=`ps -fu $USER | awk '($0 ~ /\/usr\/bin\/piv-ssh-agent/) { print $2;}'` export SSH_AUTH_SOCKET=`awk '($0 ~ /\/tmp\/ssh-/ ) { print $NF;}' /proc/$SSH_AGENT_PID/net/unix ` It's a hack, but a clean hack, and I'm not wasting more hours, and my user is up and running. mark