Directly use ssh-agent instead of keychain

2021-09-19 17:58:44 +02:00 · 2021-09-19 17:58:44 +02:00 · 71038b0a65
parent 5086ba686d
commit 71038b0a65
3 changed files with 27 additions and 24 deletions
--- a/17
+++ b/17
@ -77,23 +77,16 @@ if [ ${USER} != "root" ] && [ $(command -v startx) ]; then
 	fi
 fi

-# Keychain {{{
-## TODO: user must be able to see ssh-agent process
-## Be careful with hidepid !
-if [ -f $HOME/.ssh/id_rsa ]; then
-	eval $(keychain --eval --quiet --agents ssh id_rsa)
-fi
-
-if [ -f $HOME/.ssh/id_ed25519 ]; then
-	eval $(keychain --eval --quiet --agents ssh id_ed25519)
-fi
+# ssh-agent with fix socket path {{{
+## See load-ssh-agent function in ~/.zsh/zshrc
+load-ssh-agent
 # }}}

-# GPG Agent
+# GPG Agent {{{
 if [ -f $HOME/.gnupg/secring.gpg ]; then
 	# Keychain
 	## Don't ask for gpg password, it will be asked at the first usage
 	keychain --noask --agents gpg
 	. $HOME/.keychain/$HOST-sh-gpg
 fi
-
+# }}}
--- a/5
+++ b/5
@ -100,3 +100,8 @@ if [ $(command -v tmux) ]; then
  export TMUX_TMPDIR=~/.tmux/socks/
  [ ! -d "${TMUX_TMPDIR}" ] && mkdir -p -- "${TMUX_TMPDIR}" || chmod 0700 -- "${TMUX_TMPDIR}"
 fi
+
+# SSH
+## Specify ssh-agent socket path
+SSH_AGENT_SOCK="${HOME}/.ssh/socks/ssh_auth"
+SSH_AGENT_ENV="${HOME}/.ssh/socks/ssh_agent_env"
--- a/29
+++ b/29
@ -314,20 +314,25 @@ alias ping6="ping6 -c 3"
 ## JOSM
 alias josm="java -jar -Xmx2048M /opt/josm-tested.jar"

-# Keychain
-## For SSH {{{
-function ssh() {
-	## If keychain exists, run ssh from default $PATH as usual
-	if [ -f ~/.keychain/"${HOST}"-sh ]; then
-		command -p ssh "${*}"
-	else ## Otherwise, reload keychain and run ssh
-		keychain --agents ssh
-		source ~/.keychain/"${HOST}"-sh
-		command -p ssh "${*}"
+# Function to load ssh-agent with a fix socket path {{{
+## This function can be used :
+##   1. in zlogin (for a new shell)
+function load-ssh-agent() {
+	## If a ssh-key is available
+	##   AND ssh-agent not launched
+	if find "${HOME}/.ssh" -maxdepth 1 -type f -iname "id_*" > /dev/null 2>&1 &&
+	   ! ps -x | grep -v grep | grep -Fq -- "ssh-agent -a ${SSH_AGENT_SOCK}"; then
+		### Remove any previous socket and environment files
+		rm --force -- "${SSH_AGENT_SOCK}" "${SSH_AGENT_ENV}"
+		### Start ssh-agent with a specified socket path
+		###   AND store informations in a file
+		ssh-agent -a "${SSH_AGENT_SOCK}" > "${SSH_AGENT_ENV}"
 	fi
+	## Load content of ssh-agent environment file
+	source "${SSH_AGENT_ENV}"
 }
-## }}}
-## For GPG {{{
+# }}}
+## Keychain for GPG {{{
 function gpg() {
 	## If keychain exists, run gpg from default $PATH as usual
 	if [ -f ~/.keychain/"${HOST}"-sh-gpg ]; then