ccontavalli/ssh-ident

prints for every shell command

vindarel opened this issue · 9 comments

Hi !
I installed and used successfully the master branch of ssh-ident (it's very neat ! It would be cool to have the README formatted though). I set up aliases for ssh and git.
But now, for every shell command I run (cd, ls,…) ssh-ident prints some output:

Agent for identity vindarel ready
All keys already loaded
Agent for identity vindarel ready
debug ssh-ident: using identity vindarel
All keys already loaded

Sure, I can comment out those lines in the code, but I'd like them to show up when I run =ssh= or =git= (only). And it doesn't seem right that ssh-ident is called everytime… An idea ? (I use zsh)
Thanks !

Indeed having ssh-ident called for every command seems wrong, and none of
the instructions for the standard setup should lead to that.

I am not familiar with zsh, but is it possible that it is using some
command line completion plugin or similar that ends up invoking ssh / git
or similar?

With bash, I would try to run:

set -x

followed by one of the commands that leads to unexpectedly running
ssh-ident, like ls or cd. The output would tell us if anything magic is
happening behind the scene that would lead to invoking ssh-ident.

There should be some equivalent option for zsh?

Please check your .profile file or other .zshrc file otherwise, and see if
there's anything there that could lead to this outcome?

I can otherwise try playing with zsh myself, just let me know what you try.

Thanks,
Carlo

Oh, I had forgotten about those kind of options. So with zsh we can set

setopt XTRACE VERBOSE

to see the traces. I got something like

+zsh:26> git_custom_status
+git_custom_status:1> current_branch
+current_branch:1> ref=+current_branch:1> BINARY_SSH=git /home/vince/projets/ssh-ident/ssh-ident symbolic-ref HEAD

It is oh-my-zsh (a nice zsh configuration out of the box) that calls a git plugin, which I will identify soon…
But the problem remains, doesn't it ? ssh-ident prints stuff at every call, and I fear my only option is to delete the appropriate lines of code. Do you think of a better solution ?

Hello,

+zsh:26> git_custom_status
+git_custom_status:1> current_branch
+current_branch:1> ref=+current_branch:1> BINARY_SSH=git /home/vince/projets/ssh-ident/ssh-ident symbolic-ref HEAD

It is oh-my-zsh (a nice zsh configuration out of the box) that calls a git plugin, which I will identify soon…
But the problem remains, doesn't it ? ssh-ident prints stuff at every call, and I fear my only option is to delete the appropriate lines of code. Do you think of a better solution ?

well, every time ssh-ident prints out something it is because it is
providing your keys or setting up an agent, and ssh is invoked to
connect somewhere.

I could add an option in the rc file so that you can instruct
ssh-ident to be "quiet", but is that what you really want?

Eg, as it stands, you have something that for each command you type
tries to connect to a remote host via ssh, possibly sharing your ssh
keys loaded in the agent with that host. If it wasn't for this output,
and judging by this thread, you wouldn't probably know that your keys
are being shared?

It might be desired and expected, in which case, I agree, there should
be a feature to disable this output. But it's the first time I hear
about a problem like this one, and am worried that disabling the
output is hiding the real problem.

The feature should be relatively straightforward to add in any case,
probably a couple lines with an if.

Carlo

I believe, making git an alias to ssh-ident is not a good idea. ssh-ident will try to load keys for every git command, even if it does not require SSH (e.g. because it operates on the local repo only, all remotes are https, ...). Having a symlink named ssh in the $PATH works much better in this regard.

However, I would like to back up the feature request for a "quiet" option for a different reason.
I use the symlink method and have scp and whatnot call ssh-ident instead of ssh when needed.
Unfortunately, the output of ssh-ident messes up my autocompletion of remote files. Whenever I hit tab, ssh-ident prints "All keys already loaded" or - worse - asks me for my passphrases.

When trying to autocomplete remote files with scp or rsync, zsh calls ssh with -o BatchMode=yes (bash uses -o BatchMode yes). So it might be a good idea for ssh-ident (if BINARY_SSH is ssh) to catch that flag and suppress all output and not load keys if this is given. This is what ssh would do as well (see man ssh_config):

BatchMode
If set to “yes”, passphrase/password querying will be disabled. This option is useful in scripts
and other batch jobs where no user is present to supply the password. The argument must be “yes”
or “no”. The default is “no”.

In addition to this, I would also be happy to have a "quiet" option in the rc file, as ssh-ident is a little too talky for my personal taste.

Carlo, if you don't feel like writing this yourself, I might give it a whirl.

👍 for the batch mode and the quiet mode. They would be really handy.
I would also second vindarels suggestion for formatting the readme with clean markdown and maybe generating the debian help files from that later on (?).
Nice project overall. :) It's really convenient.

Ok, seems like we have consensus, I'm all in favor of following up with the
suggestions here.

Summarizing:
1 - make ssh-ident quiet when BatchMode is used.
2 - add rc option to reduce verbosity.
3 - better formatting for the README file.
(4 - maybe generate debian help / man pages from here).

black2754: if you feel like giving 1 and 2 a whirl, please feel free to do
so, it'd be great to merge in the changes.
Otherwise I can give it a try in a week or two, will ping this issue before
I get started.

Thanks everyone!
Carlo

I implemented 1 and 2. Tested with Python 2.7, 3.2, 3.3 and 3.4. Tests and bug reports with the same and other versions are welcome.

Carlo, I took the liberty of reducing the amount of output with the default settings a little bit. You may want to review the loglevels I assigned to the existing messages.

Regards,
Black

Ping. Any news on this?

Apologies for delay. I went on a 4 weeks trip just after I merged this change in my local copy, and forgot to push. I just pushed it as is, has been working great. I'll probably do some random cleanups over the next few days, but thanks again for contributing the code!!