Allowing xfce4-session to use external ssh-agent

Ivan Kabaivanov ivan.kabaivanov at gmail.com
Sun Nov 19 19:05:44 CET 2017


-----Original message-----
From: Yves-Alexis Perez <corsac at debian.org>
Sent: Sunday, November 19, 2017 7:46 PM
To: Xfce development list <xfce4-dev at xfce.org>
Subject: Re: Allowing xfce4-session to use external ssh-agent


On Sun, 2017-11-19 at 02:51 +0200, Ivan Kabaivanov wrote:
> xfconf-query -c xfce4-session -p /startup/ssh-agent/external -n -t string -s
> true
> xfconf-query -c xfce4-session -p /startup/ssh-agent/external_socket -n -t
> string -s PATH_TO_SSH_SOCKET

What if you just set:

xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled
false

Afaict it works just fine here (ssh-agent is gpg-agent here, so not managed by
xfce4-session).




Unfortunately this will not work as xfce will not be aware of the existing ssh-agent socket and will not export SSH_AUTH_SOCK to apps started within the xfce4-session.



Right now we have three options:

1) Disable both ssh-agent and pgp-agent -- in this case SSH_AUTH_SOCK will be undefined and apps looking for it will not use the manually started ssh-agent (or pgp-agent for that matter)

2) Enable ssh-agent and it will be used even if pgp-agent is enabled -- only apps started within xfce will be able to use ssh-agent

3) Enable pgp-agent and disable ssh-agent -- only apps started within xfce will be able to use ssh-agent



What I'm proposing is a fourth option -- "attach" xfce4-session to an existing ssh-agent socket and export SSH_AUTH_SOCK to all apps within the xfce4-session.  Non-xfce apps will also see SSH_AUTH_SOCK as we export it via .bashrc (or whatever you prefer, systemd user unit, custom script, etc).



Full disclosure: I'm using LFS (Linux From Scratch) so I suspect major distros probably have a workaround to expose the same SSH_AUTH_SOCK to both xfce and non-xfce apps.



Thanks,

IvanK.







Regards,
-- 
Yves-Alexis_______________________________________________
Xfce4-dev mailing list
Xfce4-dev at xfce.org
https://mail.xfce.org/mailman/listinfo/xfce4-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.xfce.org/pipermail/xfce4-dev/attachments/20171119/143795d1/attachment.html>


More information about the Xfce4-dev mailing list