
I am just trying to better understand running ssh-agent. Below are three samples of how I have run ssh-agent. Note that for each example I close my session, and then start out with a fresh bash shell. In each new shell I confirm that ssh-agent is not running. I’m running bash shell (on Ubuntu/WSL). Question after the code samples.

If I want to start ssh-agent in the current shell, I can run the agent, and then manually set the environment variables that the agent returns.

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-grVAkSC9cY98/agent.18454; export SSH_AUTH_SOCK;
SSH_AGENT_PID=18455; export SSH_AGENT_PID;
echo Agent pid 18455;
$ SSH_AUTH_SOCK=/tmp/ssh-grVAkSC9cY98/agent.18454
$ export SSH_AUTH_SOCK
$ SSH_AGENT_PID=18455
$ export SSH_AGENT_PID
$ ssh-add
Enter passphrase for /home/username/.ssh/id_rsa:
Identity added: /home/username/.ssh/id_rsa (/home/username/.ssh/id_rsa)
$ echo $SHLVL
1

More easily, I can just use eval:

$ eval $(ssh-agent)
Agent pid 18478
$ ssh-add
Enter passphrase for /home/username/.ssh/id_rsa:
Identity added: /home/username/.ssh/id_rsa (/home/username/.ssh/id_rsa)
$ echo $SHLVL
1

If I want to start ssh-agent in a new shell, I can run ssh-agent /bin/bash rather than starting the shell and then repeating the previous command (I know that the new shell can inherit ssh-agent from the parent shell, but I’m just interested in understanding what is going on with this command).

$ ssh-agent /bin/bash
$ ssh-add
Enter passphrase for /home/username/.ssh/id_rsa:
Identity added: /home/username/.ssh/id_rsa (/home/username/.ssh/id_rsa)
$ echo $SHLVL
2

Now the question: It seems like the command ssh-agent does not set the environment variables, but only returns them as a command string that must be evaluated (I’m curious as to why it works this way). How does the command (or two commands on the same line) ssh-agent /bin/bash start the new shell with the environment variables set?

2 Answers


  1. Chosen as BEST ANSWER

    I really should have thought to look at the ssh-agent manual. The first answer made me think of doing that. From the manual:

    There are two main ways to get an agent set up. The first is at the start of an X session, where all other windows or programs are started as children of the ssh-agent program. The agent starts a command under which its environment variables are exported, for example ssh-agent xterm &. When the command terminates, so does the agent.

    The second method is used for a login session. When ssh-agent is started, it prints the shell commands required to set its environment variables, which in turn can be evaluated in the calling shell, for example eval `ssh-agent -s`.

    Everything makes sense when thinking of login and non-login sessions. Of course, I'm still curious as to why in a login session ssh-agent prints the environment variable shell commands rather than setting the environment variables itself.


  2. In general, ssh-agent can run any command in an environment where SSH_AUTH_SOCK and SSH_AGENT_PID are available. ssh-agent /bin/bash is just the special case where that command happens to be a shell.

    With no argument, it simply outputs code suitable for use with eval to create the same environment, rather than starting a new process with that environment.
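The two mechanisms described in the question and in this answer, as an added example that is not part of the original thread: a child process cannot change its parent's environment, so with no command argument ssh-agent can only print shell code for the caller to evaluate, whereas with a command argument it sets the variables in its own process and the command inherits them. The script below uses plain /bin/sh in place of ssh-agent so it runs offline; the agent output it parses is a constructed sample, and the parser accepts only the two documented variables instead of handing the text to eval.

```python
"""Added example (not from the original post): why ssh-agent prints shell
commands instead of setting the caller's environment, and how
`ssh-agent <command>` differs. Uses /bin/sh in place of ssh-agent so it runs
offline; the agent output below is constructed sample text."""
import os
import re
import subprocess

# Constructed sample of what `ssh-agent -s` prints (not a real socket or PID).
SAMPLE_AGENT_OUTPUT = """\
SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.18454; export SSH_AUTH_SOCK;
SSH_AGENT_PID=18455; export SSH_AGENT_PID;
echo Agent pid 18455;
"""

# Accept only the two variables ssh-agent is documented to emit, with values
# made of safe characters; anything else is rejected rather than evaluated.
_ASSIGN_RE = re.compile(
    r"^(SSH_AUTH_SOCK|SSH_AGENT_PID)=([A-Za-z0-9_./-]+); export \1;$"
)


def parse_agent_output(text: str) -> dict:
    """Parse ssh-agent's Bourne-shell output into a dict without using eval."""
    env = {}
    for line in text.splitlines():
        m = _ASSIGN_RE.match(line)
        if m:
            env[m.group(1)] = m.group(2)
        elif line.startswith("echo Agent pid "):
            continue  # informational line, safe to ignore
        elif line.strip():
            raise ValueError(f"unexpected line in agent output: {line!r}")
    if set(env) != {"SSH_AUTH_SOCK", "SSH_AGENT_PID"}:
        raise ValueError("agent output missing expected variables")
    return env


def child_cannot_set_parent_env(name: str = "DEMO_VAR_FROM_CHILD") -> bool:
    """A child process exporting a variable does not affect its parent.
    This is the reason ssh-agent prints commands for the calling shell."""
    os.environ.pop(name, None)
    subprocess.run(["sh", "-c", f"export {name}=set_by_child"], check=True)
    return name not in os.environ


def run_with_agent_env(agent_env: dict, command: list) -> str:
    """Model of `ssh-agent <command>`: the variables are set in the agent's
    own process, then the command is started and inherits them."""
    env = dict(os.environ, **agent_env)
    result = subprocess.run(
        command, env=env, capture_output=True, text=True, check=True
    )
    return result.stdout.strip()


def main() -> None:
    agent_env = parse_agent_output(SAMPLE_AGENT_OUTPUT)
    # Equivalent of `eval $(ssh-agent)`: apply the variables to this process.
    os.environ.update(agent_env)
    print("eval-style, in this process:", os.environ["SSH_AGENT_PID"])
    # Equivalent of `ssh-agent /bin/bash`: the child sees the variables.
    print("child-style:", run_with_agent_env(agent_env, ["sh", "-c", "echo $SSH_AUTH_SOCK"]))
    print("child could change parent env?", not child_cannot_set_parent_env())


if __name__ == "__main__":
    main()
```

Parsing the agent's output instead of evaluating it is the one design choice here that differs from the usual `eval $(ssh-agent)`: it gives the same environment while refusing any line that is not one of the two documented assignments.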
