Re: Backgrounding part of 'ssh-agent $cmd'

Bart Schaefer wrote on Thu, Jan 17, 2013 at 23:26:02 -0800:
> I'm glad my suggestion answered your question, but I don't think that I
> have solved your actual problem.  Wandering a bit afield of zsh here ...

The part that I find less than ideal so far is that, under load, the GUI
ssh-askpass dialog appears after foo_main has started.  It's a problem,
not because of the ordering (it's not a problem even to run
foo_ssh_preseed only after foo_main has started), but because my "enter
ssh pw, enter foo_main pw" muscle memory gets bypassed.

> On Jan 18,  8:18am, Daniel Shahaf wrote:
> }
> } Yes, and yes my distribution sets up a session-global ssh-agent
> } instance.  Using a separate agent was a means to an end: not having the
> } ssh keys decrypted in memory whilst the laptop is hibernating.
>
> I'm not sure you've actually accomplished that.  From what you've
> described, you're counting on the set of ssh created in foo_ssh_preseed
> to exit because the network connections time out while the laptop sleeps?
>
> That means "ssh-add -D" doesn't run until the laptop *wakes up again*
> and the "wait" in foo_ssh_preseed returns.  The agent's memory state
> is dumped in the hibernate data with the keys still loaded.  Boot from
> removable media and that data could be mined.  Am I missing something?

'ssh -MNf' daemonizes itself, so foo_ssh_preseed takes about 5 seconds
from start to finish.

<OT>The daemons open and keep open SSH TCP connections, so that subsequent
interactive 'ssh host1' commands don't need to do the TCP handshake and
SSH authentication handshake --- which speeds them up.  This relies on
ControlPath (and maybe ServerAliveInterval) being set in ~/.ssh/config.</OT>

I'd tell you exactly how long foo_ssh_preseed takes, but time(1zsh)
doesn't work on functions:

% zsh -fc 'time () { sleep 1 } ' 
% zsh -fc 'f(){ sleep 1 } ; time f'  

> You would need Christian's suspend-hook idea to get "ssh-add -D" to
> run before the laptop hibernates.  In which case you might as well
> use the session-global agent ...
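
The pre-seeding approach discussed in this message, sketched as an added example that is not code from the thread: a throwaway agent holds the key only while 'ssh -MNf' authenticates the master connections, then is killed. The function name preseed_masters and the SSH, SSH_ADD and SSH_AGENT override variables are hypothetical, and ControlPath is assumed to be set in ~/.ssh/config as the message states.

```shell
# Added illustration; preseed_masters and the SSH* override variables are
# hypothetical names, not taken from the thread.
: "${SSH:=ssh}" "${SSH_ADD:=ssh-add}" "${SSH_AGENT:=ssh-agent}"

# preseed_masters HOST...
# Opens a background master connection ('ssh -MNf') to every HOST that does
# not already have one, using a short-lived agent that is killed on return.
# Assumes ControlPath is configured in ~/.ssh/config.
preseed_masters() (
    need=
    for host in "$@"; do
        # 'ssh -O check' succeeds only if a master for this host is alive.
        "$SSH" -O check "$host" >/dev/null 2>&1 || need="$need $host"
    done
    # Every master is up: start no agent and show no passphrase prompt.
    [ -n "$need" ] || exit 0

    agent_env=$("$SSH_AGENT" -s) || exit 1
    eval "$agent_env" >/dev/null
    # Kill the agent on every exit path so no decrypted key outlives us.
    trap '"$SSH_AGENT" -k >/dev/null 2>&1' EXIT

    "$SSH_ADD" || exit 1        # the passphrase prompt happens here
    rc=0
    for host in $need; do
        # -f sends ssh to the background only after authentication is done,
        # so the loop finishes quickly and the agent can go away.
        "$SSH" -MNf "$host" || rc=1
    done
    "$SSH_ADD" -D >/dev/null 2>&1 || rc=1   # drop keys before the agent dies
    exit "$rc"
)

# Usage (constructed host names): preseed_masters host1 host2
```

The master connections stay open after the agent is gone, because they are already authenticated; only new connections that bypass the ControlPath socket would need the key again.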



