On both my Redhat 8.0 and 9 boxes, I have been seeing this issue when running keychain 2.0.2. I have "keychain" set up in my .cshrc file. To reproduce: Start a new terminal window, and a new ssh-agent process will be started because an existing "ssh-agent -s" process is not found. On RH, for some reason, ssh-agent is started when "switchdesk" is run. This causes keychain to spawn a new ssh-agent process for each terminal window. The following patch fixes this on RH, but is a better patch to simply check each PID returned for an "ssh-agent -s" process? Patch (diff -c) follows: *** keychain 2003-08-10 16:19:19.000000000 -0500 --- keychain.updated 2003-08-10 16:18:59.000000000 -0500 *************** *** 271,277 **** --- 271,298 ---- fi fi + # Work around stupid RH issue. + # When logging into RH 8 & RH9, I keep getting a new ssh-agent process spawned for each + # terminal window I open. + # + # The issue seems to be that there is this other ssh-agent run as part of "switchdesk". + # I don't know why. By excluding "switchdesk" (grep -v switchdesk), keychain works properly. + # + # On RH, under KDE login, ps -uxw shows me: + #ps -uxw | grep "[s]sh-agent" + #barnett 837 0.0 0.4 4580 1040 ? S 15:32 0:00 -/bin/tcsh -c /usr/bin/ssh-agent /usr/share/apps/switchdesk/Xclients.kde + #barnett 891 0.0 0.3 3144 984 ? S 15:32 0:00 /usr/bin/ssh-agent /usr/share/apps/switchdesk/Xclients.kde + #barnett 2802 0.0 0.4 3164 1064 ? S 15:38 0:00 ssh-agent -s + # + # while if I exclude switchdesk, I get the "right" answer: + #ps -uxw | grep -v switchdesk | grep "[s]sh-agent" + #barnett 2802 0.0 0.4 3164 1064 ? S 15:38 0:00 ssh-agent -s + if [ -f "/etc/redhat-release" ] ; then + mypids=`ps $psopts 2>/dev/null | grep -v 'switchdesk' | grep "[s]sh-agent"` > /dev/null 2>&1 + else mypids=`ps $psopts 2>/dev/null | grep "[s]sh-agent"` > /dev/null 2>&1 + fi + #extract the second item from mypids: if [ -n "$mypids" ] then
Created attachment 15868 [details, diff] Patch to fix multiple ssh-agent processes under RH8/9 Sorry, I figured I could attach a file, but didn't see how on the initial page, so I put the patch file's contents there. This file is the "patch" file used to confirm the fix.
how did you install keychain? are you using the gentoo-provided rpm ?
I installed from the source kit. Currently, it is in an odd spot on my machine [RH9 now]: /home/barnett/FTP/in/keychain-2.0.2/keychain instead of /usr/bin/keychain, but I got the same results on RH8.0 after using the RPM [I think I used the RPM then....].
I believe the more general solution is to restore the code that was in keychain 1.8. It would still appear that the code believes that mypids is a list of pid's that contain ssh-agent. In version 1.8 the code did mypids=`ps $psopts 2>/dev/null | grep "[s]sh-agent" | awk '{print $2}'` >/dev/null 2>&1 Both version 1.8 and 2.0.x still have the loop later on to iterate over the list of pids to see find the 'right pid'. The more general solution is to add the awk back in so that mypids actually becomes a list of pids rather than the first one that ps finds. There are other reasons to have multiple ssh-agents running.
Hello, I had been using ssh with an empty passphrase until I saw Daniel's articles on www-106.ibm.com. First I encrypted my public key on a debian box, and got keychain running fine, where I could ssh from my debian box to my RH9 box without entering the passphrase. Next, I reciprocated, starting from my RH9 box, but now I have two instances of ssh-agent on that box, and it asks me for my passphrase every session. BTW, I am running RH9 w/ Gnome/bluecurve (not using switchdesk AFAIK) When I log in to Gnome (after a restart, say) it asks me for my password, then I get a dialog box asking for my passphrase. I open up a terminal window and run keychain, just to check the status: ---------------------------------- keychain > * Found running ssh-agent (4421) ps -A | grep ssh-agent > 4421 ? 00:00:00 ssh-agent > 4446 ? 00:00:00 ssh-agent pstree -p | grep ssh-agent >init─┬ > ├─gdm-binary───gdm-binary─┬─X > │ └─gnome-session───ssh-agent(4446) > ├─ssh-agent(4421) (added extra lines for clarity) ---------------------------------- My pain is that I am still being asked for my passphrase for every session with my debian box (yes, the new encrypted key is in debian:~/.ssh/authorized_keys). I would think that being asked for my passphrase when I log in to gnome would be enough for keychain/ssh-agent to remember. I am thinking that having two instances of ssh-agent is causing my pain. rick ... dot ... hull ... at ... gmail ... dot ... com
Sorry about the formatting for pstree. ssh-agent(4446) is child of gnome-session. gnome-session and X are siblings, children of gdm-binary(4343), child of gdm-binary(4300). ssh-agent(4421) is child of init. the keychain script only recognizes 4421. BTW, I installed keychain-2.3.3 from source.
Dave, I'm sorry I have never seen this bug until now. I believe I fixed the problem you're seeing though. Try the most recent rpm from http://dev.gentoo.org/~agriffis/keychain/ Rick, I don't have a RH box handy at the moment but I'll track one down so I can investigate your report.
Please try keychain-2.5.0, just released at http://dev.gentoo.org/~agriffis/keychain/ Recently the method of tracking down processes has changed, so I'd like to know if this version solves the problems mentioned in this report.
no response, believe this is fixed. Please re-open if you still see the problem.
