Re: at/batch(1) and ssh-agent(1) environment variables

2018-01-31 Thread Todd C. Miller
On Wed, 31 Jan 2018 11:39:23 +0100, Erwin Geerdink wrote:

> at/batch(1) appears to not retain SSH_AUTH_SOCK and SSH_AGENT_PID
> environment variables when commands are executed. According to the man
> page: 
>
> "(...) The working directory, the environment (except for the variables
> TERM, TERMCAP, DISPLAY, and _), and the umask are retained from the
> time of invocation.  An at or batch command invoked from a su(1) shell
> will retain the current user ID."
>
> Why are those variables not preserved?

Because at/batch jobs are by their very nature non-interactive so
it doesn't make sense to preserve environment variables that are
specific to an interactive login.

If you wish to preserve those variables, you can do so explicitly.
For example:

echo "export SSH_AGENT_PID=$SSH_AGENT_PID; export SSH_AUTH_SOCK=$SSH_AUTH_SOCK; env" | at now

 - todd
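
A more defensive form of the explicit export above, as an added example that is not part of the original post: it shell-quotes the agent variables and makes the job exit if the agent no longer answers when the job finally runs. The function names and the backup script path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the text of an at/batch job
# that carries the current ssh-agent variables explicitly.

# Single-quote a value so it survives being pasted into a generated sh script.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print a job body: re-export the agent variables, check that the agent
# is reachable, then run the command given as $1.
agent_job() {
    cmd=$1
    # Refuse to build a job when there is no agent in this session.
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo "SSH_AUTH_SOCK not set" >&2; return 1; }
    printf 'SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK\n' "$(sh_quote "$SSH_AUTH_SOCK")"
    if [ -n "${SSH_AGENT_PID:-}" ]; then
        printf 'SSH_AGENT_PID=%s; export SSH_AGENT_PID\n' "$(sh_quote "$SSH_AGENT_PID")"
    fi
    # ssh-add -l exits with status 2 when it cannot contact the agent,
    # e.g. the X session ended before the queued job was started.
    cat <<'EOF'
ssh-add -l >/dev/null 2>&1
if [ $? -eq 2 ]; then
    echo "ssh-agent not reachable, skipping job" >&2
    exit 1
fi
EOF
    printf '%s\n' "$cmd"
}

# Usage (hypothetical script path):
#   agent_job "$HOME/bin/backup.sh" | batch
```

The generated job can use the loaded keys only while the agent from the login session is still running; once that agent exits, the job stops at the ssh-add check instead of prompting or hanging.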



at/batch(1) and ssh-agent(1) environment variables

2018-01-31 Thread Erwin Geerdink
Hi,

at/batch(1) appears to not retain SSH_AUTH_SOCK and SSH_AGENT_PID
environment variables when commands are executed. According to the man
page: 

"(...) The working directory, the environment (except for the variables
TERM, TERMCAP, DISPLAY, and _), and the umask are retained from the
time of invocation.  An at or batch command invoked from a su(1) shell
will retain the current user ID."

Why are those variables not preserved?

My use case is an automated backup to a remote server with ssh public
key authentication (passphrased). Since cron + ssh-agent needs some
kind of workaround (e.g. predetermined socket location, Keychain etc.),
I intend to run the backup script with batch from ~/.xsession after
ssh-agent was started by default in /etc/X11/xenodm/Xsession. The
machine is not running continuously.

Example:

$ env
_=/usr/bin/env
LOGNAME=erwin
WINDOWPATH=ttyC4
WINDOWID=12582925
XTERM_SHELL=/bin/ksh
JAVA_HOME=/usr/local/jdk-1.7.0/
HOME=/home/erwin
LC_CTYPE=en_US.UTF-8
VISUAL=/usr/bin/mg
XTERM_VERSION=XTerm/OpenBSD(330)
DISPLAY=:0
SSH_AGENT_PID=73270
HOSTNAME=pc0.erwingeerdink.com
EDITOR=/usr/bin/mg
ENV=/home/erwin/.kshrc
PATH=/home/erwin/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.
SSH_AUTH_SOCK=/tmp/ssh-MmReEdpAhc7D/agent.15964
PAGER=less
TERM=xterm
SHELL=/bin/ksh
USER=erwin
XTERM_LOCALE=en_US.UTF-8
$ echo 'env' | at now 
commands will be executed using /bin/ksh
job 1517394411.c at Wed Jan 31 11:26:51 2018
$ doas cat /var/cron/log | fgrep '1517394411.c'
doas (er...@pc0.erwingeerdink.com) password: 
Jan 31 11:26:51 pc0 at[16305]: (erwin) CREATE (1517394411.c)
Jan 31 11:26:51 pc0 cron[27096]: (erwin) ATJOB (1517394411.c)
$ cat /var/mail/erwin
(...)

Your "at" job on pc0.erwingeerdink.com
"/var/cron/atjobs/1517394411.c"

produced the following output:

_=/usr/bin/env
LOGNAME=erwin
WINDOWPATH=ttyC4
WINDOWID=12582925
XTERM_SHELL=/bin/ksh
HOME=/home/erwin
JAVA_HOME=/usr/local/jdk-1.7.0/
LC_CTYPE=en_US.UTF-8
VISUAL=/usr/bin/mg
XTERM_VERSION=XTerm/OpenBSD(330)
HOSTNAME=pc0.erwingeerdink.com
EDITOR=/usr/bin/mg
ENV=/home/erwin/.kshrc
PATH=/home/erwin/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.
PAGER=less
XTERM_LOCALE=en_US.UTF-8
USER=erwin
$


dmesg:
OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017
