Hi all,

I have my own systemd "user" .service unit that I like to use to start
ssh-agent the way I want it started, which works fine… except for the
neverending game of whack-a-mole tracking down and disabling various
legacy workarounds that go ahead and start ssh-agent unasked (or
emulate it, poorly, like gnome-keyring) and clobber my SSH_AUTH_SOCK
env-var.

Here's my service file:

$ cat /etc/systemd/user/ssh-agent.service
  [Unit]
  Description=SSH key agent
  [Service]
  Type=exec
  # %t resolves to XDG_RUNTIME_DIR; see SPECIFIERS section in systemd.unit(5)
  ExecStart=/usr/bin/ssh-agent -D -a "%t/ssh-agent.socket"
  [Install]
  WantedBy=default.target

Sure enough, on a current laptop running Bookworm, even though I have
that service enabled and running, and I've gone through my list of
things to disable, there's a superfluous ssh-agent process running with
the default randomized socket location, and SSH_AUTH_SOCK has been
clobbered to point at that.

Here's what I know so far:

$ env | grep -i ssh
  SSH_AUTH_SOCK=/tmp/ssh-XXXXXXZAaNOY/agent.3010
  SSH_AGENT_PID=3011

$ ps ax | grep 3011
  3011 ?        Ss     0:00 /usr/bin/ssh-agent -s

$ pstree -ps 3011
  systemd(1)───ssh-agent(3011)

Here I get confused. The path shown by ps rules out the possibility
that it's some other utility pretending to be ssh-agent. Unless I'm
mistaken, that pstree result indicates that this ssh-agent process was
started by systemd, but:

$ grep -rl ssh-agent /usr/lib/systemd/
  /usr/lib/systemd/user-environment-generators/90gpg-agent
  /usr/lib/systemd/user/gpg-agent-ssh.socket
  /usr/lib/systemd/user/ssh-agent.service

Even though gpg-agent is running, I think it can be ignored because:
* it wouldn't show up in ps as "/usr/bin/ssh-agent",
* that environment generator only sets the SSH_AUTH_SOCK env-var if
  "enable-ssh-support" is enabled per "gpgconf --list-options
  gpg-agent", which it is not, and
* those two ssh-related env-vars don't match gpg-agent's PID or
  ssh-agent-socket path.

And /usr/lib/systemd/user/ssh-agent.service is not the culprit, because:
* /etc/systemd/user/ssh-agent.service has a higher priority, which
  causes systemd to ignore the one under /usr/lib/, and
* /usr/lib/systemd/user/ssh-agent.service uses the socket location
  "$XDG_RUNTIME_DIR/openssh_agent"

Continuing the search:
$ grep -rl ssh-agent /etc/systemd/
Returns one hit, which is my custom service file as shown above

$ grep -rl ssh-agent ~/.config/systemd/
Returns nothing, unsurprisingly.

Things that are already disabled:
* gnome-keyring is not installed
* /etc/X11/Xsession.options option use-ssh-agent is commented out
* XFCE4's "Application Autostart" config has no entry for ssh-agent
* XFCE4's "Launch GNOME services on startup" is disabled (If enabled,
  this option launches gnome-keyring if available, which by default
  would emulate ssh-agent and clobber the env-var)
* $ grep -rl ssh-agent ~/.config/autostart/ returns nothing, as expected

Anyone got any idea where I should look next to identify what's
actually starting that rogue ssh-agent process & clobbering my env-var,
and prevent it from doing so?

Cheers!
 -Chris

PS. Please keep all replies on-list, thanks!
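One more place to look, as an added example that is not part of the post above: the cgroup systemd assigns to every process. `pstree -ps` only shows the current parent, and a daemon whose real parent has already exited is reparented to PID 1, so it appears under systemd(1) whether or not systemd launched it. `/proc/<pid>/cgroup` survives that reparenting and records whether the process sits in a user `.service` (started by `systemd --user`), in a `session-N.scope` (started by something inside the login session: PAM, Xsession, desktop autostart, a shell profile), or under the system manager. The script below parses that line; the cgroup paths embedded in it are constructed samples, and the cgroup v2 layout (`0::/...`) is an assumption about the host.

```shell
#!/bin/sh
# Added example, not code from the original post. Classify the systemd
# cgroup a process lives in, to tell "started by a user .service" apart
# from "started inside the login session and later reparented to PID 1".
#
# Assumed cgroup v2 layout of /proc/<pid>/cgroup (constructed samples):
#   0::/user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service
#   0::/user.slice/user-1000.slice/session-2.scope
# A cgroup v1 "N:name=systemd:/path" line is handled the same way.

# cgroup_path LINE -> strip the "N:controllers:" prefix, leaving the path.
cgroup_path() {
    printf '%s\n' "${1#*:*:}"
}

# cgroup_unit LINE -> innermost systemd unit on the path, or "none".
cgroup_unit() {
    p=$(cgroup_path "$1")
    u=${p##*/}
    case "$u" in
        *.service|*.scope|*.slice) printf '%s\n' "$u" ;;
        *) printf 'none\n' ;;
    esac
}

# classify_cgroup LINE -> one of:
#   user-unit <unit>      started by the systemd --user manager (a .service)
#   login-session <scope> started inside a login session (PAM, Xsession,
#                         desktop autostart, shell profile); parent has exited
#   system-unit <unit>    started by the system manager (PID 1) itself
#   unknown <unit>        anything else (bare root cgroup, slices, ...)
classify_cgroup() {
    p=$(cgroup_path "$1")
    u=$(cgroup_unit "$1")
    case "$p" in
        */user@*.service/*.service) printf 'user-unit %s\n' "$u" ;;
        */session-*.scope*)         printf 'login-session %s\n' "$u" ;;
        /system.slice/*.service)    printf 'system-unit %s\n' "$u" ;;
        *)                          printf 'unknown %s\n' "$u" ;;
    esac
}

# inspect_pid PID -> classify a live process; prints "no-cgroup-info" when
# /proc/<pid>/cgroup is unreadable (non-Linux host, or the PID is gone).
inspect_pid() {
    f="/proc/$1/cgroup"
    [ -r "$f" ] || { printf 'no-cgroup-info\n'; return 0; }
    # cgroup v2 has a single "0::" line; on v1 use the systemd hierarchy.
    line=$(grep -e '^0::' -e ':name=systemd:' "$f" | head -n 1)
    [ -n "$line" ] || { printf 'no-cgroup-info\n'; return 0; }
    classify_cgroup "$line"
}

# Run on the PID given as $1 (for example "$SSH_AGENT_PID"); with no
# argument, inspect this shell so the script runs anywhere.
if [ "$#" -gt 0 ]; then inspect_pid "$1"; else inspect_pid "$$"; fi
```

Run it as `sh where-from.sh "$SSH_AGENT_PID"`. A `login-session` answer means the agent was spawned by something that runs when the session is set up rather than by a systemd unit, so the search moves to session-startup hooks rather than unit files; a `user-unit` answer names the unit directly, and `systemctl --user status <unit>` shows which file it was loaded from. `systemctl status <pid>` gives the same unit lookup without the parsing.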
