Bug#231276: ssh: ssh-agent (in command mode) doesn't clean up its socket

Thu, 05 Feb 2004 09:22:03 -0600 

Package: ssh
Version: 1:3.4p1-1.woody.3
Severity: wishlist

There are two main modes of using ssh-agent.  The first and most
popular is like this :-

$ eval `ssh-agent`
$ ssh-add 
[ ... prompts/responses... ]
[ interactive shell session including ssh/scp commands ... ]
$ eval `ssh-agent -k`

The second is like this :-

$ ssh-agent bash
$ ssh-add 
[ ... prompts/responses... ]
[ interactive shell session including ssh/scp commands ... ]
$ exit 

This can be very useful for running noninteractive programs
(e.g. where there is no passphrase on the ssh identity file).
However, if you use ssh-agent in this way, it fails to clean up its
socket file :-


[EMAIL PROTECTED]:~$ ssh-agent bash -c 'echo $SSH_AUTH_SOCK'
/tmp/ssh-XXDI6cJc/agent.19852
[EMAIL PROTECTED]:~$ ssh-agent bash -c 'echo $SSH_AUTH_SOCK'
/tmp/ssh-XXtz469D/agent.19854
[EMAIL PROTECTED]:~$ ls -d /tmp/ssh*
/tmp/ssh-XXDI6cJc  /tmp/ssh-XXqjUjYg  /tmp/ssh-XXtz469D


Each of the two invocations of ssh-agent above creates a new socket,
whereas those sockets should have been deleted when the ssh-agent
tasks exited.  According to 'fuser', the sockets are no longer in use
(i.e. the associated instance of ssh-agent is indeed dead, rather than
just backgrounded).



-- System Information
Debian Release: 3.0
Kernel Version: Linux excession.spiral-arm.org 2.4.22-physmem-patch2-5um #1 Wed 
Jan 7 08:40:12 GMT 2004 i686 unknown

Versions of the packages ssh depends on:
ii  adduser        3.47           Add and remove users and groups
ii  debconf        1.0.32         Debian configuration management system
ii  libc6          2.2.5-11.5     GNU C Library: Shared libraries and Timezone
ii  libpam-modules 0.72-35        Pluggable Authentication Modules for PAM
ii  libpam0g       0.72-35        Pluggable Authentication Modules library
ii  libssl0.9.6    0.9.6c-2.woody SSL shared libraries
ii  libwrap0       7.6-9          Wietse Venema's TCP wrappers library
ii  zlib1g         1.1.4-1.0woody compression library - runtime

--- Begin /etc/pam.d/ssh (modified conffile)
auth       required     pam_nologin.so
auth       required     pam_unix.so
auth       required     pam_env.so # [1]
account    required     pam_unix.so
session    required     pam_unix.so
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
password   required     pam_unix.so md5

--- End /etc/pam.d/ssh

Reply via email to