Obtaining the value of SSH_AUTH_SOCK in an entry?
Hi, I'm trying to set up an entry for launchd that will fire off ssh on-demand to create a tunnel. I would like for the ssh to get authentication information from ssh-agent, but I'm not sure if launchd children inherit SSH_AUTH_SOCK in the environment, or if I somehow have to designate that it gets it. In the pre-leopard days when I used SSHKeyChain.app, the SSH_AUTH_SOCK value was constant, and I could just set SSH_AUTH_SOCK in an <EnvironmentVariables> declaration in the entry. Thanks, -cj
Chris, Mac OS X Leopard, as shipped, automatically manages 'ssh-agent' and the corresponding environmental variable. One can verify this like so: $ env | grep SSH_AUTH SSH_AUTH_SOCK=/tmp/launch-01KBeh/Listeners $ …and by reviewing /System/Library/LaunchAgents/org.openbsd.ssh- agent.plist. You can also verify which processes have inherited the SSH_AUTH_SOCK variable with: ps axe davez On Mar 27, 2008, at 4:53 AM, Chris Cleeland wrote:
Hi,
I'm trying to set up an entry for launchd that will fire off ssh on-demand to create a tunnel. I would like for the ssh to get authentication information from ssh-agent, but I'm not sure if launchd children inherit SSH_AUTH_SOCK in the environment, or if I somehow have to designate that it gets it.
In the pre-leopard days when I used SSHKeyChain.app, the SSH_AUTH_SOCK value was constant, and I could just set SSH_AUTH_SOCK in an <EnvironmentVariables> declaration in the entry.
Thanks, -cj _______________________________________________ launchd-dev mailing list launchd-dev@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/launchd-dev
Dave, Thanks for the quick reply! On Thu, Mar 27, 2008 at 10:12 AM, Dave Zarzycki <zarzycki@apple.com> wrote:
Mac OS X Leopard, as shipped, automatically manages 'ssh-agent' and the corresponding environmental variable. One can verify this like so:
$ env | grep SSH_AUTH SSH_AUTH_SOCK=/tmp/launch-01KBeh/Listeners $
Right. I like that!
…and by reviewing /System/Library/LaunchAgents/org.openbsd.ssh- agent.plist. You can also verify which processes have inherited the SSH_AUTH_SOCK variable with:
ps axe
Mmmm...okay. According to empirical evidence, though, the ssh spawned by launchd isn't inheriting SSH_AUTH_SOCK 8298 ?? Ss 0:00.00 /usr/libexec/launchproxy /usr/bin/ssh -v -nNT -i /Use rs/taoadmin/.ssh/svn.ociweb.com -L 22000:svn.ociweb.com:22 -l cleeland ssh.ociwe b.com PATH=/usr/bin:/bin:/usr/sbin:/sbin __LAUNCHD_FD=47 TMPDIR=/var/folders/Z+/ Z+cmZ48wHRWaiAQNuFalnk+++TI/-Tmp-/ SHELL=/bin/bash HOME=/Users/taoadmin USER=tao admin LOGNAME=taoadmin 8299 ?? S 0:00.02 /usr/bin/ssh -v -nNT -i /Users/taoadmin/.ssh/svn.ociw eb.com -L 22000:svn.ociweb.com:22 -l cleeland ssh.ociweb.com PATH=/usr/bin:/bin: /usr/sbin:/sbin TMPDIR=/var/folders/Z+/Z+cmZ48wHRWaiAQNuFalnk+++TI/-Tmp-/ SHELL= /bin/bash HOME=/Users/taoadmin USER=taoadmin LOGNAME=taoadmin __CF_USER_TEXT_ENC ODING=0x1F5:0:0 Is there a way I can tell it that I want SSH_AUTH_SOCK to be inherited? -cj
On Thu, Mar 27, 2008 at 3:31 PM, Chris Cleeland <chris.cleeland@gmail.com> wrote:
According to empirical evidence, though, the ssh spawned by launchd isn't inheriting SSH_AUTH_SOCK
The answer to this question is in the archives... I know because I was the one that asked it! Your launchd agent must run in the Aqua context, which it should if it's installed in [~]/Library/LaunchAgents, or if you supply '-S Aqua' as an argument to launchctl. Best wishes, Hamish
participants (3)
-
Chris Cleeland
-
Dave Zarzycki
-
Hamish Allan