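#!/bin/bash
# ~/.local/bin/ssh-agent-guard.sh
#
# Watchdog that ties the lifetime of the user's ssh-agent to the MATE screen
# lock: whenever the screensaver reports "locked", every ssh-agent of this
# user is killed and a fresh (empty) agent is started on a fixed socket path,
# so cached keys do not survive a locked session.
#
# Files (all under $HOME):
#   LOG_FILE    - append-only activity log
#   SOCKET_PATH - fixed agent socket, re-created on every respawn
#   PID_FILE    - PID of the running watchdog (singleton lock)
#   PAUSE_FILE  - while present the agent is left alone ("Deep Work" mode)
#   ENV_FILE    - "export SSH_AUTH_SOCK/SSH_AGENT_PID" lines for other shells

LOG_FILE="$HOME/.ssh-agent-screenlock.log"
SOCKET_PATH="$HOME/.ssh/agent.sock"
PID_FILE="$HOME/.ssh-agent-watchdog.pid"
PAUSE_FILE="$HOME/.ssh-agent-watchdog.pause"
ENV_FILE="$HOME/.ssh/agent-environment"

# Append one timestamped line to LOG_FILE.
# printf instead of echo so a message starting with "-n"/"-e" or containing
# backslashes is written verbatim.
log() {
  printf '%s - %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >> "$LOG_FILE"
}

# 1. Singleton Check: only one watchdog allowed.
# The file content is validated as a positive integer before it reaches kill:
# an empty/garbled file, "0" or "-1" would otherwise signal the whole process
# group or every process of this user. NOTE(review): a stale PID that has
# since been reused by an unrelated process is still signalled; the check
# does not verify that the PID belongs to this script.
if [[ -f "$PID_FILE" ]]; then
  old_pid=$(<"$PID_FILE")
  if [[ "$old_pid" =~ ^[1-9][0-9]*$ ]] && kill -0 "$old_pid" 2>/dev/null; then
    kill "$old_pid"
    # Give the old instance a bounded window to run its cleanup (which removes
    # the PID file); otherwise its late rm could delete the file written below.
    for ((i = 0; i < 10; i++)); do
      kill -0 "$old_pid" 2>/dev/null || break
      sleep 0.2
    done
  fi
fi
printf '%s\n' "$$" > "$PID_FILE"

# 2. Cleanup on any exit (not only INT/TERM), so a crash or a dying
# dbus-monitor leaves no stale PID file. INT/TERM just exit, which fires the
# EXIT trap.
cleanup() {
  # The monitor pipeline (dbus-monitor + reader subshell) consists of direct
  # children of this shell; stop them so no orphaned dbus-monitor lingers.
  pkill -P "$$" 2>/dev/null
  rm -f "$PID_FILE"
}
trap cleanup EXIT
trap 'exit 0' SIGINT SIGTERM

#######################################
# Kill every ssh-agent of this user and start a fresh one bound to
# SOCKET_PATH. Does nothing while PAUSE_FILE exists.
# Globals:  PAUSE_FILE, SOCKET_PATH, ENV_FILE (read);
#           SSH_AUTH_SOCK, SSH_AGENT_PID (replaced via ssh-agent's output)
# Outputs:  rewrites ENV_FILE with the new agent's SSH_AUTH_SOCK/SSH_AGENT_PID
# Returns:  0 on success or when paused, 1 if ssh-agent could not be started
#######################################
restart_agent() {
  local agent_env
  # "Deep Work" check: am I allowed to kill?
  if [[ -f "$PAUSE_FILE" ]]; then
    log "SKIP: Deep Work Mode aktiv. Agent überlebt."
    return 0
  fi
  log "🔒 LOCK: Killing Agent..."
  # Kill existing agents: the one we know about first, then every other
  # ssh-agent of this user (including ones started by other sessions).
  if [[ -n "${SSH_AGENT_PID:-}" ]]; then
    kill "$SSH_AGENT_PID" 2>/dev/null
  fi
  # -x: match the process name exactly. pkill's pattern is an unanchored
  # regex against the process name, so a bare "ssh-agent" would also match
  # this script's own processes when it is run by its file name
  # (ssh-agent-guard...), killing the watchdog instead of only the agent.
  pkill -x -u "${USER:-$(id -un)}" ssh-agent
  # Clean environment; ssh-agent -a refuses to bind to an existing socket.
  unset SSH_AUTH_SOCK SSH_AGENT_PID
  rm -f "$SOCKET_PATH"
  # Respawn & bind to the fixed socket. Check the exit status before eval:
  # otherwise a failed start evals an empty string and ENV_FILE ends up
  # pointing at a socket with no agent behind it and an empty PID.
  if ! agent_env=$(ssh-agent -a "$SOCKET_PATH" -s); then
    log "ERROR: ssh-agent konnte nicht gestartet werden."
    return 1
  fi
  # Only the output of the local ssh-agent binary is ever eval'd here.
  eval "$agent_env" >/dev/null
  # Save environment for other shells ("source ~/.ssh/agent-environment").
  printf 'export SSH_AUTH_SOCK=%s\nexport SSH_AGENT_PID=%s\n' \
    "$SOCKET_PATH" "$SSH_AGENT_PID" > "$ENV_FILE"
  log "✨ RESPAWN: Neuer Agent (PID: $SSH_AGENT_PID)"
}

# 3. MATE hardening: lock immediately, no grace period.
# Failures are logged rather than ignored silently; the watchdog still runs.
gsettings set org.mate.screensaver lock-enabled true \
  || log "WARN: gsettings lock-enabled fehlgeschlagen."
gsettings set org.mate.screensaver lock-delay 0 \
  || log "WARN: gsettings lock-delay fehlgeschlagen."

# Init: run once right away so ENV_FILE and the socket exist for new shells.
if [[ ! -f "$ENV_FILE" ]]; then
  log "INIT: Starte initialen Agent..."
  restart_agent
fi

log "Watchdog gestartet (PID $$). Warte auf Lock-Events..."

# 4. The DBus loop, run as a background job followed by `wait` rather than as
# a foreground pipeline: bash defers trapped signals while it waits for a
# foreground command, so with the pipeline in the foreground the TERM sent by
# a newer instance's singleton check (and any INT/TERM) would only be acted
# on once dbus-monitor exits, i.e. never. `wait` returns immediately on a
# trapped signal. The reader runs in a pipeline subshell, so the SSH_*
# variables restart_agent updates there are local to that subshell.
dbus-monitor --session \
  "type='signal',interface='org.mate.ScreenSaver',member='ActiveChanged'" 2>/dev/null \
  | while IFS= read -r line; do
      # ActiveChanged carries one boolean; "true" means the screen was locked.
      if [[ "$line" == *"boolean true"* ]]; then
        mate-screensaver-command --lock 2>/dev/null  # double tap
        restart_agent
      fi
    done &
monitor_job=$!
wait "$monitor_job"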