kruemel/OZM-Keks-Handbuch-v1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ada697c7d020a7d370714f844acbbac6eb66989e
OZM-Keks-Handbuch-v1/ssh-agent-guard.sh
Krümel Branko ada697c7d0 bugsn mit bugsy <3
2025-12-12 20:48:04 +01:00

69 lines
2.1 KiB
Bash
Raw Blame History

#!/bin/bash
# ~/.local/bin/ssh-agent-guard.sh
LOG_FILE="$HOME/.ssh-agent-screenlock.log"
SOCKET_PATH="$HOME/.ssh/agent.sock"
PID_FILE="$HOME/.ssh-agent-watchdog.pid"
PAUSE_FILE="$HOME/.ssh-agent-watchdog.pause"
# 1. Singleton Check: Nur ein Wächter erlaubt
if [ -f "$PID_FILE" ]; then
old_pid=$(cat "$PID_FILE")
kill -0 "$old_pid" 2>/dev/null && kill "$old_pid"
fi
echo $$ > "$PID_FILE"
# 2. Cleanup Trap (Aufräumen bei Exit)
cleanup() { rm -f "$PID_FILE"; exit 0; }
trap cleanup SIGINT SIGTERM
log() { echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"; }
restart_agent() {
# "Deep Work" Check: Darf ich töten?
if [ -f "$PAUSE_FILE" ]; then
log "SKIP: Deep Work Mode aktiv. Agent überlebt."
return
fi
log "🔒 LOCK: Killing Agent..."
# Kill existing agents
if [ -n "$SSH_AGENT_PID" ]; then kill "$SSH_AGENT_PID" 2>/dev/null; fi
pkill -u "$USER" ssh-agent
# Clean Environment
unset SSH_AUTH_SOCK SSH_AGENT_PID
rm -f "$SOCKET_PATH"
# Respawn & Bind to fixed socket
eval "$(ssh-agent -a "$SOCKET_PATH" -s)" >/dev/null
# Save Environment for others
echo "export SSH_AUTH_SOCK=$SOCKET_PATH" > "$HOME/.ssh/agent-environment"
echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >> "$HOME/.ssh/agent-environment"
log "✨ RESPAWN: Neuer Agent (PID: $SSH_AGENT_PID)"
}
# 3. MATE Hardening: Sofort sperren, keine Grace-Period
gsettings set org.mate.screensaver lock-enabled true
gsettings set org.mate.screensaver lock-delay 0
# Init: Sofort einmal ausführen, damit der Key-Store definiert ist
if [ ! -f "$HOME/.ssh/agent-environment" ]; then
log "INIT: Starte initialen Agent..."
restart_agent
fi
log "Watchdog gestartet (PID $$). Warte auf Lock-Events..."
# 4. Der DBus Loop
dbus-monitor --session "type='signal',interface='org.mate.ScreenSaver',member='ActiveChanged'" 2>/dev/null |
while read -r line; do
if echo "$line" | grep -q "boolean true"; then
# EVENT: Screen Locked -> Kill Agent
mate-screensaver-command --lock 2>/dev/null # Double Tap
restart_agent
fi
done
Reference in New Issue View Git Blame Copy Permalink