File: ssh_and_gpg_agents

package info (click to toggle)
hibernate 2.0%2B15%2Bg88d54a8-1
  • links: PTS, VCS
  • area: main
  • in suites: buster, jessie, jessie-kfreebsd, stretch, wheezy
  • size: 740 kB
  • ctags: 114
  • sloc: sh: 1,223; makefile: 17
file content (76 lines) | stat: -rw-r--r-- 2,260 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# -*- sh -*-
# vim:ft=sh:ts=8:sw=4:noet

# This script can be used to clear private data from passphrase caching
# agents, specifically ssh-agent and gpg-agent.

# Author: Thomas Fischer <fischer@unix-ag.uni-kl.de>


AddConfigHandler AgentsClearOptions
AddConfigHelp "AgentsClearGPG <boolean> " "Clear private data (passphrase) from gpg-agent"
AddConfigHelp "AgentsClearSSH <boolean> " "Clear private data (passphrase) from ssh-agent"


AgentsClearOptions() {
	case $1 in
		agentscleargpg)
			BoolIsOn "$1" "$2" && AddSuspendHook 27 ClearGPGAgents
		;;
		agentsclearssh)
			BoolIsOn "$1" "$2" && AddSuspendHook 27 ClearSSHAgents
		;;
		*)
			return 1
	esac
	return 0
}


ClearAgents() {
	vecho 1 "Clearing agents"
	ClearSSHAgent
	ClearGPGAgent	
}

#==========================================================================
# ssh-agent
#--------------------------------------------------------------------------

ClearSSHAgents() {
	vecho 1 "Clearing ssh-agents"

	# find each running ssh-agent process
	# ssh-agents are not associated to a tty
	for clearagentspid in $(pidof ssh-agent) ; do
		# determine socket
		clearagentssocket=$(find /proc/$clearagentspid/fd/ -maxdepth 1 -xtype s -exec readlink '{}' ';' | sed -e "s/socket:\[//;s/\]//")
		# determine socket file
		clearagentssocketfile=$(netstat --unix -l | gawk '/ '$clearagentssocket' / { print $9 }')
		# if found file is actually a socket ...
		if [ -S "${clearagentssocketfile}" ] ; then
			# then call ssh-add to delete all identities from this agent
			vecho 2 "SSH_AUTH_SOCK=${clearagentssocketfile} SSH_AGENT_PID=${clearagentspid} /usr/bin/ssh-add -D"
			SSH_AUTH_SOCK=${clearagentssocketfile} SSH_AGENT_PID=${clearagentspid} /usr/bin/ssh-add -D
		fi
	done
}


#==========================================================================
# gpg-agent
#--------------------------------------------------------------------------

ClearGPGAgents() {
	vecho 1 "Clearing gpg-agents"

	# find each running ssh-agent process
	# ssh-agents are not associated to a tty
	for clearagentspid in $(ps t - | gawk '/[g]pg-agent --daemon/ {print $1}') ; do
		# gpg-agents forget the passphrases when a SIGHUP is sent to them
		vecho 2 "kill -SIGHUP ${clearagentspid}"
		kill -SIGHUP ${clearagentspid}
	done
}