secretive
Support ControlMaster and ControlPersist
It looks like using Secretive as the IdentityAgent invalidates options specified in ~/.ssh/config such as ControlMaster and ControlPersist.
This means that I cannot set keep alive to ~15 minutes to allow repeated connections to not require TouchID.
Hmm, what's your full ~/.ssh/config? It's working fine for me with this config:
Host *
ControlMaster auto
ControlPath /Users/dave/.ssh/sockets/%r@%h-%p
ControlPersist 15m
ServerAliveInterval 25
ServerAliveCountMax 1
TCPKeepAlive no
IdentityAgent /Users/dave/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
ConnectTimeout 3
Seems to work fine with either ssh version I have installed:
dave@mbp ~ % /opt/homebrew/bin/ssh -V
OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
dave@mbp ~ % /usr/bin/ssh -V
OpenSSH_9.0p1, LibreSSL 3.3.6
I've borrowed your log and verified that the SSH control socket does get created, but it also gets torn down immediately -- i.e. ControlPersist does not take effect. (Changing the value to "yes" also does not keep the socket around.)
https://gist.github.com/zachriggle/5cf92282c503d07cd5f6927bdbcd3474
Notable lines from the log are...
debug1: Control socket "/Users/zachriggle/.ssh/sockets/[email protected]" does not exist
...
Authenticated to github.com ([140.82.113.3]:22) using "publickey".
...
debug1: setting up multiplex master socket
debug3: muxserver_listen: temporary control path /Users/zachriggle/.ssh/sockets/[email protected]
...
debug1: channel 0: new [/Users/zachriggle/.ssh/sockets/[email protected]]
...
debug1: channel 0: free: /Users/zachriggle/.ssh/sockets/[email protected], nchannels 1
debug3: channel 0: status: The following connections are open:
Transferred: sent 2636, received 2428 bytes, in 0.1 seconds
Bytes per second: sent 23040.3, received 21222.3
debug1: Exit status 0
$ ls -la ~/.ssh/sockets
total 0
drwxr-xr-x 2 zachriggle staff 64 2022-10-11 05:03 ./
drwx------ 12 zachriggle staff 384 2022-10-11 04:58 ../
Huh, that's really odd.. I added IdentityFile to my config as well, still works. I've been using Secretive with multiplexing for almost the entire past year.
dave@mbp ~ % /usr/bin/ssh -T [email protected]
Hi Manouchehri! You've successfully authenticated, but GitHub does not provide shell access.
dave@mbp ~ % /usr/bin/ssh -T [email protected] -vvv
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/dave/.ssh/config
debug1: /Users/dave/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/dave/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/dave/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 98471
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
Hi Manouchehri! You've successfully authenticated, but GitHub does not provide shell access.
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
dave@mbp ~ % ls -la ~/.ssh/sockets
total 0
drwxr-xr-x 8 dave staff 256 Oct 11 11:42 .
drwxr-xr-x 18 dave staff 576 Oct 4 11:28 ..
srw------- 1 dave staff 0 Oct 11 11:42 [email protected]
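The two logs in this thread differ in which multiplexing role each ssh run played. The following is an added example, not part of the thread or of Secretive: it classifies an ssh -vvv log by the marker lines quoted above and checks whether a second run reused the first run's master. The function names, host and paths are hypothetical and the sample logs are constructed.

```python
import re

# Marker lines as they appear in the ssh -vvv output quoted in this thread.
MARKERS = {
    "socket_missing": re.compile(r'Control socket ".*" does not exist'),
    "authenticated": re.compile(r'Authenticated to \S+ .*using "[^"]+"'),
    "master_setup": re.compile(r"setting up multiplex master socket"),
    "tried_existing": re.compile(r"auto-mux: Trying existing master"),
    "client_session": re.compile(r"mux_client_request_session: master session id: \d+"),
}

def classify_run(log_text):
    """Classify one ssh invocation by the multiplexing role its debug log shows."""
    seen = {name for line in log_text.splitlines()
            for name, rx in MARKERS.items() if rx.search(line)}
    if "client_session" in seen:
        role = "reused-master"      # session rode an existing control socket
    elif "master_setup" in seen:
        role = "became-master"      # this run authenticated and opened the socket
    elif "authenticated" in seen:
        role = "no-multiplexing"    # authenticated, never set up a mux listener
    else:
        role = "unknown"
    return {"role": role, "authenticated_this_run": "authenticated" in seen}

def persist_held(first_log, second_log):
    """True if the second of two consecutive runs reused the first run's master."""
    first, second = classify_run(first_log), classify_run(second_log)
    return first["role"] == "became-master" and second["role"] == "reused-master"

# Constructed sample logs (hypothetical host and paths), modelled on the lines above.
MASTER_RUN = '''\
debug1: Control socket "/Users/example/.ssh/sockets/git@example.com-22" does not exist
Authenticated to example.com ([192.0.2.10]:22) using "publickey".
debug1: setting up multiplex master socket
debug1: Exit status 0
'''
CLIENT_RUN = '''\
debug1: auto-mux: Trying existing master
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_request_alive: done pid = 12345
debug1: mux_client_request_session: master session id: 2
'''

if __name__ == "__main__":
    print(classify_run(MASTER_RUN))
    print(persist_held(MASTER_RUN, CLIENT_RUN))   # second run reused the master
    print(persist_held(MASTER_RUN, MASTER_RUN))   # every run becomes master again
```

Two consecutive runs that both classify as became-master match the symptom reported in this issue: each run authenticates again, so the master from the previous run was not kept.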