ssh: remove persistent socket; use macOS Keychain

* Remove persistent SSH auth socket. * Make ps|grep more robust and POSIX compliant. * On macOS, use `-A` switch to "add identities to the agent using any passphrase stored in the user's keychain."
sorin-ionescu · Aug 14, 2017 · e3d6898 · e3d6898
1 parent dd1133d
commit e3d6898
Showing 1 changed file with 10 additions and 14 deletions.
diff --git a/modules/ssh/init.zsh b/modules/ssh/init.zsh
@@ -16,36 +16,32 @@ _ssh_dir="$HOME/.ssh"
 # Set the path to the environment file if not set by another module.
 _ssh_agent_env="${_ssh_agent_env:-${TMPDIR:-/tmp}/ssh-agent.env.$UID}"
 
-# Set the path to the persistent authentication socket.
-_ssh_agent_sock="${TMPDIR:-/tmp}/ssh-agent.sock.$UID"
-
-# Start ssh-agent if not started.
+# If a socket exists at SSH_AUTH_SOCK, assume ssh-agent is already running and
+# skip starting it.
 if [[ ! -S "$SSH_AUTH_SOCK" ]]; then
-  # Export environment variables.
+  # Try to grab previously exported environment variables.
   source "$_ssh_agent_env" 2> /dev/null
 
-  # Start ssh-agent if not started.
-  if ! ps -U "$LOGNAME" -o pid,ucomm | grep -q -- "${SSH_AGENT_PID:--1} ssh-agent"; then
+  # Do not start ssh-agent if the PID from the last start of ssh-agent exists and
+  # corresponds to a running ssh-agent under the current user.
+  if ! ps -U "$LOGNAME" -o pid,comm | grep -E -q -e "^[[:blank:]]*${SSH_AGENT_PID:--1}[[:blank:]].*ssh-agent$"; then
     eval "$(ssh-agent | sed '/^echo /d' | tee "$_ssh_agent_env")"
   fi
 fi
 
-# Create a persistent SSH authentication socket.
-if [[ -S "$SSH_AUTH_SOCK" && "$SSH_AUTH_SOCK" != "$_ssh_agent_sock" ]]; then
-  ln -sf "$SSH_AUTH_SOCK" "$_ssh_agent_sock"
-  export SSH_AUTH_SOCK="$_ssh_agent_sock"
-fi
-
 # Load identities.
 if ssh-add -l 2>&1 | grep -q 'The agent has no identities'; then
   zstyle -a ':prezto:module:ssh:load' identities '_ssh_identities'
   # Check for Linux system and ssh-askpass presence
   if [[ "$OSTYPE" == linux* ]] && [[ ! -a /usr/lib/ssh/x11-ssh-askpass ]]; then
     ssh-add "${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}}"  2> /dev/null
+  elif [[ "$OSTYPE" == darwin* ]]; then
+      # macOS: `ssh-add -A` will load all identities defined in Keychain
+      ssh-add -A 2> /dev/null
   else
     ssh-add "${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}}"  < /dev/null 2> /dev/null
   fi
 fi
 
 # Clean up.
-unset _ssh_{dir,identities} _ssh_agent_{env,sock}
+unset _ssh_{dir,identities,agent_env}