ome*_*itz 27 linux ssh bash shell
I have a sample sh script in my Linux environment that basically runs ssh-agent for the current shell, adds a key to it and runs two git commands:
#!/bin/bash
eval "$(ssh-agent -s)"
ssh-add /home/duvdevan/.ssh/id_rsa
git -C /var/www/duvdevan/ reset --hard origin/master
git -C /var/www/duvdevan/ pull origin master
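The script actually works fine, but every time I run it I get a new process, so I think it might become a performance issue and I might end up with useless processes.
An example of the output: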
Agent pid 12109
Identity added: /home/duvdevan/.ssh/custom_rsa (rsa w/o comment)
Also, in addition to all this, is it possible to find an existing ssh-agent process and add the key to it?
And*_*ewD 28
So far the answers don't seem to answer the original question...
This works for me:
if ps -p "$SSH_AGENT_PID" > /dev/null 2>&1
then
    echo "ssh-agent is already running"
    # Do something knowing the pid exists, i.e. the process with $PID is running
else
    # No agent for this shell yet: start one and import its variables
    eval "$(ssh-agent -s)"
fi
This is taken from: https://stackoverflow.com/a/15774758
idb*_*rii 11
"Also, in addition to all this, is it possible to find an existing ssh-agent process and add the key to it?"
Yes. We can store the connection info in a file:
# Ensure agent is running
ssh-add -l &>/dev/null
if [ "$?" == 2 ]; then
    # Could not open a connection to your authentication agent.
    # Load stored agent connection info.
    test -r ~/.ssh-agent && \
        eval "$(<~/.ssh-agent)" >/dev/null
    ssh-add -l &>/dev/null
    if [ "$?" == 2 ]; then
        # Start agent and store agent connection info.
        (umask 066; ssh-agent > ~/.ssh-agent)
        eval "$(<~/.ssh-agent)" >/dev/null
    fi
fi
# Load identities
ssh-add -l &>/dev/null
if [ "$?" == 1 ]; then
    # The agent has no identities.
    # Time to add one.
    ssh-add -t 4h
fi
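This code is from pitfalls for ssh agents, which describes what you're currently doing, the pitfalls of this approach, and how you should use ssh-ident to do this for you.
If you only want to run ssh-agent if it's not running and do nothing otherwise: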
if [ $(ps ax | grep '[s]sh-agent' | wc -l) -gt 0 ] ; then
    echo "ssh-agent is already running"
else
    eval "$(ssh-agent -s)"
    if [ "$(ssh-add -l)" == "The agent has no identities." ] ; then
        ssh-add ~/.ssh/id_rsa
    fi
    # Don't leave extra agents around: kill it on exit. You may not want this part.
    trap "ssh-agent -k" exit
fi
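However, this doesn't ensure that ssh-agent is accessible (just because it's running doesn't mean we have $SSH_AGENT_PID for ssh-add to connect to).
If you want it to be killed right after the script exits, you can add this after the eval line: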
trap "kill $SSH_AGENT_PID" exit
Or:
trap "ssh-agent -k" exit
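$SSH_AGENT_PID is set in the eval of ssh-agent -s.
You should be able to find running ssh-agents by scanning through /tmp/ssh-* and reconstructing the SSH_AGENT variables (SSH_AUTH_SOCK and SSH_AGENT_PID) from it.
Using $SSH_AGENT_PID can only test the ssh-agent, but misses identities when they have not yet been added: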
$ eval `ssh-agent`
Agent pid 9906
$ echo $SSH_AGENT_PID
9906
$ ssh-add -l
The agent has no identities.
So it would be convenient to check it with ssh-add -l using an Expect script, as in the example below:
$ eval `ssh-agent -k`
Agent pid 9906 killed
$ ssh-add -l
Could not open a connection to your authentication agent.
$ ssh-add -l &>/dev/null
$ [[ "$?" == 2 ]] && eval `ssh-agent`
Agent pid 9547
$ ssh-add -l &>/dev/null
$ [[ "$?" == 1 ]] && expect $HOME/.ssh/agent
spawn ssh-add /home/user/.ssh/id_rsa
Enter passphrase for /home/user/.ssh/id_rsa:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
$ ssh-add -l
4096 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /home/user/.ssh/id_rsa (RSA)
So when both ssh-agent and ssh-add -l are run in a bash script:
#!/bin/bash
ssh-add -l &>/dev/null
[[ "$?" == 2 ]] && eval `ssh-agent`
ssh-add -l &>/dev/null
[[ "$?" == 1 ]] && expect $HOME/.ssh/agent
Then it will always check and ensure that the connection is running:
$ ssh-add -l
4096 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /home/user/.ssh/id_rsa (RSA)
You can also emulate the repetition of the commands in the above script with do while.
ps -p $SSH_AGENT_PID > /dev/null || eval "$(ssh-agent -s)"
Single-line command. Run it the first time and it starts ssh-agent. Run it a second time and it does not start ssh-agent. Simple and elegant, mate!!!
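An added example, not code from any of the posts above: POSIX sh functions that combine the checks the answers describe (the ssh-add -l exit status and a stored connection file) and additionally refuse to source the stored file unless the current user owns it with mode 0600, since that file is executed as shell code. The function names and the AGENT_ENV variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): reuse one ssh-agent across script runs.
# AGENT_ENV is an assumed path; it matches the ~/.ssh-agent file used above.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh-agent}"

# Print the agent state from the exit status of `ssh-add -l`:
# 0 = reachable with keys, 1 = reachable but empty, 2 = cannot connect.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?   # errexit-safe capture of the status
    case $rc in
        0) echo has-keys ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# The stored file is shell code that gets sourced, so accept it only if it is
# a regular file (not a symlink) that we own, with mode 0600.
load_agent_env() {
    [ -f "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ] || return 1
    case $(ls -ld "$AGENT_ENV") in
        -rw-------*) ;;
        *) return 1 ;;
    esac
    . "$AGENT_ENV" >/dev/null
}

# Reuse the agent from the environment or the stored file; start one otherwise.
ensure_agent() {
    [ "$(agent_state)" != unreachable ] && return 0
    if load_agent_env && [ "$(agent_state)" != unreachable ]; then
        return 0
    fi
    rm -f "$AGENT_ENV"                    # drop a stale or untrusted file
    ( umask 077; ssh-agent -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
    [ "$(agent_state)" != unreachable ]
}

# ensure_key KEYFILE [LIFETIME]: add the key only when the agent holds none.
ensure_key() {
    ensure_agent || return 1
    [ "$(agent_state)" = has-keys ] && return 0
    ssh-add -t "${2:-4h}" "$1"
}
```

In the question's script, a call to ensure_key /home/duvdevan/.ssh/id_rsa would take the place of the eval and ssh-add lines, so repeated runs share one agent.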