Bug 240069 - ssh-agent keeps running after logout
ssh-agent keeps running after logout
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: xinitrc (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Søren Sandmann Pedersen
Depends On:
  Show dependency treegraph
Reported: 2007-05-14 16:25 EDT by Matt Seitz
Modified: 2014-06-18 05:09 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-20 12:02:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matt Seitz 2007-05-14 16:25:45 EDT
+++ This bug was initially created as a clone of Bug #148945 +++

The original bug report was about both gnome-keyring and ssh-agent.  It now
appears these are two different problems.  To avoid confusion, I am opening this
case to track just the ssh-agent problem.

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4

Description of problem:
After logging out of gnome and logging back in, I notice that keyring
and ssh-agent from before are still running. With many logouts/logins
the number of processes grows.

Version-Release number of selected component (if applicable):
gnome-keyring-0.4.0-1, openssh-3.9p1-8.RHEL4.1

How reproducible:

Steps to Reproduce:
1.log in with gnome
2.log out
3.log back in and do ps -u user

Actual Results:  gnome-keyring and ssh-agent from before are still
running along with new ones.

Expected Results:  only one instance of each (?)

Additional info:

I noticed this first with ssh-agent. I then created .xsession and
.bash_logout files to kill my ssh-agents when I logged out. Now I
notice it with keyring. Is it safe to kill these too at logout? I'm
flagging it as a security issue since these packages are related to

-- Additional comment from k.georgiou@imperial.ac.uk on 2005-03-18 12:53 EST --
Look at #134494 for the ssh-agent problems.

-- Additional comment from enjones@twe.com on 2005-05-04 13:39 EST --
I don't notice this with gnome-keyring, but I have noticed that ssh-agent
continues to run and is re-executed at each login, so that after 4 days of
uptime I now have 8 ssh-agent's running.

-- Additional comment from alexl@redhat.com on 2005-12-15 08:04 EST --
Created an attachment (id=122278)
Patch for gnome-keyring

-- Additional comment from alexl@redhat.com on 2005-12-15 08:05 EST --
Created an attachment (id=122279)
Patch for gnome-sesson

-- Additional comment from alexl@redhat.com on 2005-12-15 08:08 EST --
For the gnome-kerying part, I'm not sure exactly when this happens (it doesn't
always seems to happen). It was fixed in upstream CVS 2004/11/30 with the two
patches I attached above by slaving the keyring lifecycle to the X server

I didn't test these two patches, but they should be tested via upstream in e.g. FC4.

-- Additional comment from alexl@redhat.com on 2005-12-15 08:12 EST --
*** Bug 173356 has been marked as a duplicate of this bug. ***

-- Additional comment from gmorris@slac.stanford.edu on 2006-06-26 16:53 EST --
This bug still has status NEW over a year after being opened, and I still see it
in RHEL4.

I tried the fix in bug #134494 comment 37 for ssh-agent; however having Xsession
use ssh-agent to exec the session breaks things for me, because the setgid
ssh-agent unsets LD_LIBRARY_PATH. It doesn't seem exactly elegant to treat
LD_LIBRARY_PATH (and whatever other variables need preserving) in the same way
as TMPDIR in the #134494 patch.

-- Additional comment from alexl@redhat.com on 2007-05-02 09:38 EST --
The way I read this bug the users still haven't gotten packages with *both* the
two patches I posted here. To make sure this is the case, can you please build
and get the customer to test these exact packages:

Both packages must be installed, and then you must log out and make sure there
are no active gnome-sessions or gnome-keyring-daemons.

-- Additional comment from alexl@redhat.com on 2007-05-08 04:18 EST --
I put x86-64 packages at http://people.redhat.com/~alexl/RPMS/keyring/

-- Additional comment from Klaus@Ethgen.de on 2007-05-08 04:48 EST --
I made the following patch as quickfix for this problem. Please note that the 
ssh-agent has to be started *after* the dbus launch!

sed -i- -e '/^\[ -x \/usr\/bin\/ssh-agent/s/^/#/' -e '/^\[ -x \/usr\/bin\/dbus-
launch/a\\n# Missbrauch des DBUS_LAUNCH für ssh-agent\n[ -x /usr/bin/ssh-agent 
-a -z "$SSH_AGENT_PID" ] && DBUS_LAUNCH="$DBUS_LAUNCH /usr/bin/ssh-agent"\n' /

I see no reason why it take so long to get this fix (well, a bit more clear 
and not so crude) into the start script.

-- Additional comment from alanm@redhat.com on 2007-05-09 12:03 EST --

On May 4th, Joe Kachuck passed along two packages you gave him to the customer
for testing.  The customer stated that he killed all gnome-session and
gnome-keyring-daemon process and updated the packages.  He's still seeing the issue.

I am attaching a fresh copy of his sysreport for you to examine.


-- Additional comment from alexl@redhat.com on 2007-05-10 04:55 EST --
I installed RHEL4 on a i386 machine (i have no x86-64). Pressing
ctrl-alt-backspace after login leaves the gnome-keyring-daemon around after the
session has died. However, after building and installing the packages above this
no longer happens.

Now, i don't have an x86-64 machine here to test on, but given the patches
involved are not really arch dependent I doubt it will make a difference. So, if
the patches don't fix things for the customer then they have to have some
specific problem that I can't really resolve. 

The patches I posted are what has been commited to upstream and has worked for
everyone upstream for quite some time. I find it really hard to believe that
they shouldn't work for this particular user.

Anyway, its hard for me to go any further with this.

-- Additional comment from alexl@redhat.com on 2007-05-10 04:57 EST --
Or maybe the problem was ssh-agent? My fix only applies to gnome-keyring-daemon,
ssh-agent is a different thing.
Comment 1 Tomas Mraz 2007-05-15 03:31:33 EDT
This has to be changed in the xinitrc scripts - either the ssh-agent must run
the session (which brings the LD_LIBRARY_PATH problem as in bug 164869) or
something in the X init scripts has to explicitely kill it when the session ends.
Comment 2 Jiri Pallich 2012-06-20 12:02:27 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.