0

I want to start an ssh-agent instance when my user logs in. I also want several specific keys added to that agent after it has been created. I should be able to start and stop the agent through systemd. When I log out, that ssh-agent instance should be killed.

How would you write the systemd service file(s) to achieve this?

1 Answer

1

The below worked for me.

After doing a lot of reading, re-reading, and then re-reading again, I found that ssh-agent can be run in the foreground, so systemd is able to manage it. In addition, I found you can add unlimited ExecStartPost directives, so I figured that would allow adding specific keys to the agent.

It worked wonderfully. The only oddity was that after stopping the service explicitly, it was in a failed state. More reading led me to seeing that the ssh-agent process exits with a status of 2, so non-zero, so the SuccessExitStatus needed to be set to 2. Now, when stopped, its status shows as inactive as expected.

[Unit]
Description=Project SSH Agent

[Service]
Type=simple
Environment=PROJECT_SSH_AGENT=%t/project-ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a "$PROJECT_SSH_AGENT"
ExecStartPost=echo $SSH_AUTH_SOCK
ExecStartPost=echo $PROJECT_SSH_AGENT
ExecStartPost=/bin/sh -c "SSH_AUTH_SOCK=$PROJECT_SSH_AGENT /usr/bin/ssh-add /home/lpeabody/.ssh/id_rsa.project"
SuccessExitStatus=2

[Install]
WantedBy=default.target
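
With Type=simple, systemd runs ExecStartPost= as soon as the ssh-agent process has been started, which can be before the agent has created its socket. The helper below is an added example, not part of the answer above: it waits for the socket to exist and then adds each key, failing the unit start if either step fails. The script name, the `SSH_ADD` override and the timeout argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (hypothetical helper, e.g. saved as load-keys.sh) for use as:
#   ExecStartPost=/path/to/load-keys.sh ${PROJECT_SSH_AGENT} 5 /home/lpeabody/.ssh/id_rsa.project
# Arguments: SOCKET TIMEOUT_SECONDS KEY [KEY...]

# Assumption: SSH_ADD may be overridden; it defaults to the path used in the unit.
SSH_ADD="${SSH_ADD:-/usr/bin/ssh-add}"

# Poll once per second until SOCKET exists and is a Unix socket.
# Returns 0 when it does, 1 if TIMEOUT seconds pass first.
wait_for_socket() {
    sock=$1
    remaining=$2
    while [ ! -S "$sock" ]; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# Add each KEY to the agent listening on SOCKET.
# Stops at the first failure so systemd reports the unit start as failed.
load_keys() {
    sock=$1
    timeout=$2
    shift 2
    if ! wait_for_socket "$sock" "$timeout"; then
        echo "agent socket $sock did not appear within ${timeout}s" >&2
        return 1
    fi
    for key in "$@"; do
        SSH_AUTH_SOCK="$sock" "$SSH_ADD" "$key" || return 1
    done
}

# Run only when called with a socket, a timeout and at least one key.
if [ "$#" -ge 3 ]; then
    load_keys "$@"
fi
```

ssh-add has no terminal when started from a unit, so this only loads keys that need no passphrase prompt.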