ssh-agent

ssh-agent(1)

How to Start an SSH Agent?

Via Xsession

This is the default on Debian systems:

Most desktop environments in Debian will already be setup to run ssh-agent (through systemd user services or /etc/X11/Xsession), so you shouldn’t need to start it manually. – https://wiki.debian.org/SSH

I don’t know what systemd services this refers to but by default it works by the xsession(5) sourcing the scripts in /etc/X11/Xsession.d/, specifically the file 90x11-common_ssh-agent which modifies the command line to start an xsession to ssh-agent $HOME/.xsession.

ssh-agent command [arg ...]

If a command (and optional arguments) is given, this is executed as a subprocess of the agent. The agent exits automatically when the command given on the command line terminates. – ssh-agent(1)

The ssh-agent sets up the environment variables SSH_AUTH_SOCK and SSH_AGENT_PID for the $HOME/.xsession and its subprocesses which will inherit the variables by default [1].

Note when using the .xsession to start the window manager, the window manager will be executed in place of the xsession process [2]. Therefore if you are going from the other way - having an ssh agent and looking for where it is started, you will see something like:

% pstree -sp $SSH_AGENT_PID
systemd(1)───xdm(870)───xdm(1507)───xmonad-x86_64-l(1524)───ssh-agent(1559)

And wonder why the hell is xmonad (my window manager) starting an ssh-agent? But it is really the xsession system.

When the X session is logged out of, the ssh-agent terminates as documented by ssh-agent(1).

Via systemd user service

../../_images/but-why-ryan-reynolds.gif

In my testing:

  • the systemd user service is not shut down on logout

  • the ssh-agent not terminated

  • the XDG_RUNTIME_DIR is not removed

Possibly because, while the X session is terminated, something is still holding the system user login session. Probably tmux server.

Note the “if the user fully logs out the directory MUST be removed.” in XDG Base Directory Specification v0.8

Sources