caches ssh-agent credentials, provides them across shell sessions

kstr0k/ssh_agent_share

ssh_agent_share

Share ssh-agent credentials across shell sessions

Usage

ssh_agent_share [OPTION]...

  --help           print this help message
  --[no-]-inherit  use/ignore SSH_AUTH_SOCK from environment
  --lockwait W     seconds to wait for lock (default: 1.5)
  --timeout T      default expiry time for all identities (3 days in secs)
  --dir PATH       agent credential cache path (~/.ssh/.ssh_agent_share/)
  --host HOST      override default hostname

Example:

  eval >/dev/null "$(ssh_agent_share --lockwait 3)"
  # optimized
  [ -w "${SSH_AUTH_SOCK:-}" ] ||
    eval >/dev/null "$(exec ssh_agent_share --lockwait 3)"

Operation

This program caches ssh-agent output (SSH_AUTH_SOCK=, SSH_AGENT_PID=) so that credentials are available across shell sessions. If --inherit is active and the environment contains a valid SSH_AUTH_SOCK, the program exits (there's nothing to configure). Otherwise, it:

  • checks for a valid cache
  • starts a new agent if necessary, caching the output
  • sends the cached credentials to stdout (which may be eval'd by .bashrc or other shell scripts).

Access to the cache file is protected by a lock. This avoids race conditions when starting multiple shell sessions (e.g. via tmux resurrect). The program tries to acquire the lock for --lockwait seconds, then gives up (to avoid hangs).

Performance

This program is implemented in perl. On the one hand, perl provides integrated, cross-platform flock and timeout facilities; on the other, while the interpreter startup cost is negligible, the same cannot be said about various imported modules (in particular, this is why I've eschewed using Getopt::Long and pod2usage, and why the optimized usage above doesn't call the program at all if a valid SSH_AUTH_SOCK is present).

It's possible to achieve the same functionality in .bashrc using timeout (from GNU coreutils) and flock from util-linux (or equivalents). This will reduce portability across platforms / shells, but turns out to be a bit faster (even though external executables need to be called).
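The flock-based variant described above could look like this. It is an added example, not code from this repository, and it uses flock's own -w wait option in place of coreutils timeout. The names agent_share and cache_valid, the SSH_AGENT_BIN override and the agent.<host> cache file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the project's code. agent_share, cache_valid, SSH_AGENT_BIN
# and the agent.<host> cache file name are assumptions made for this example.

# True if the cache file names an agent socket we can still write to
# (the same -w test as the README's optimized snippet). Runs in a subshell
# so sourcing the cache does not touch the caller's environment.
cache_valid() (
  [ -r "$1" ] || exit 1
  SSH_AUTH_SOCK=
  . "$1" >/dev/null
  [ -n "$SSH_AUTH_SOCK" ] && [ -w "$SSH_AUTH_SOCK" ]
)

# agent_share [DIR] [LOCKWAIT] [TIMEOUT]: print cached agent settings for eval.
agent_share() (
  dir=${1:-$HOME/.ssh/.ssh_agent_share}
  wait=${2:-1.5}
  ttl=${3:-259200}                       # 3 days in seconds
  cache=$dir/agent.$(uname -n)           # one cache file per host

  umask 077                              # the cache gets eval'd: keep it private
  mkdir -p "$dir" && [ -O "$dir" ] || exit 1   # refuse a dir we do not own
  exec 9>>"$cache.lock" || exit 1
  flock -w "$wait" 9 || exit 1           # give up instead of hanging the shell

  if ! cache_valid "$cache"; then
    # 9>&- keeps the lock fd out of the agent daemon; otherwise the
    # long-lived agent would inherit it and hold the lock forever.
    "${SSH_AGENT_BIN:-ssh-agent}" -s -t "$ttl" 9>&- >"$cache.tmp" || exit 1
    mv -f "$cache.tmp" "$cache"
  fi
  cat "$cache"
)

# In .bashrc, mirroring the README's optimized form:
#   [ -w "${SSH_AUTH_SOCK:-}" ] || eval >/dev/null "$(agent_share)"
```

Because the cached text is eval'd by every new shell, the directory ownership check and the 077 umask matter as much as the lock.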

See also

keychain

Copyright

Alin Mr [email protected] / MIT license.
