Add ssh-agent-grab.sh.
authorW. Trevor King <wking@drexel.edu>
Sat, 20 Nov 2010 20:50:06 +0000 (15:50 -0500)
committerW. Trevor King <wking@drexel.edu>
Sat, 20 Nov 2010 20:50:06 +0000 (15:50 -0500)
posts/SSH.mdwn
posts/SSH/ssh-agent-grab.sh [new file with mode: 0755]

index dc059d1cc93e2c6dbd0325ac25e286fa576b5913..72ec2b4529f07239e714ce421eb79b764700f4b0 100644 (file)
@@ -35,6 +35,26 @@ I usually prime the SSH agent right after I log in (before running
 [[screen]] or `startx`) to that new terminals come up knowing about
 the agent.
 
+Grabbing a ssh-agent by process ID
+----------------------------------
+
+If you clobber your `ssh-agent` environment somehow (or you want to
+“borrow” another user's agent to show them the security risks of
+running an agent on a computer that they don't own),
+[[ssh-agent-grab.sh]] will show you how to setup your environment:
+
+    $ ps -ef ssh-agent
+    ...
+    jdoe     11862     1  0 Nov18 ?        00:00:01 ssh-agent
+    ...
+    $ ssh-agent-grab.sh 4580
+    export SSH_AUTH_SOCK=/tmp/ssh-oTZLe11861/agent.11861
+    export SSH_AGENT_PID=11862
+    $ export SSH_AUTH_SOCK=/tmp/ssh-oTZLe11861/agent.11861
+    $ export SSH_AGENT_PID=11862
+    $ ssh jdoe@elsewhere
+
+
 Credits
 -------
 
diff --git a/posts/SSH/ssh-agent-grab.sh b/posts/SSH/ssh-agent-grab.sh
new file mode 100755 (executable)
index 0000000..454951b
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [ "$#" -ne 1 ]; then
+               echo 'usage: ssh-grab-agent.sh PID'
+               exit 1
+fi
+
+PID=$1
+
+export SSH_AUTH_SOCK=$(/bin/ls /tmp/ssh-*/agent.$PID 2>/dev/null)
+if [ -z "$SSH_AUTH_SOCK" ] ; then
+    let "PID2 = PID-1"
+    export SSH_AUTH_SOCK=$(/bin/ls /tmp/ssh-*/agent.$PID2)
+fi
+echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
+echo "export SSH_AGENT_PID=$PID"
+
+exit 0
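Review bot: `PID=$1` is never checked to be a number, yet it is expanded unquoted into the glob `/tmp/ssh-*/agent.$PID` and then passed to `let "PID2 = PID-1"`, where bash evaluates the variable's contents as an arithmetic expression. The argument should be rejected unless it consists only of digits. The script also prints an `export SSH_AUTH_SOCK=` line and exits 0 when neither lookup finds a socket, and when the glob matches more than one path the value spans several lines; testing the result with `-S` before printing covers both cases. The usage text names `ssh-grab-agent.sh` while the file is `ssh-agent-grab.sh`, and it would be better sent to stderr.

```shell
PID=$1
case "$PID" in
    ''|*[!0-9]*) echo 'usage: ssh-agent-grab.sh PID' >&2; exit 1 ;;
esac

# … unchanged: first lookup of /tmp/ssh-*/agent.$PID …
if [ -z "$SSH_AUTH_SOCK" ] ; then
    PID2=$((PID - 1))
    export SSH_AUTH_SOCK=$(/bin/ls /tmp/ssh-*/agent.$PID2 2>/dev/null)
fi
if [ ! -S "$SSH_AUTH_SOCK" ]; then
    echo "ssh-agent-grab.sh: no single agent socket found for PID $PID" >&2
    exit 1
fi
# … unchanged: the two echo lines and exit 0 …
```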