chezmoi init

dot_oh-my-zsh/plugins/ssh-agent/README.md

@@ -0,0 +1,133 @@
+# ssh-agent plugin
+
+This plugin starts automatically `ssh-agent` to set up and load whichever
+credentials you want for ssh connections.
+
+To enable it, add `ssh-agent` to your plugins:
+
+```zsh
+plugins=(... ssh-agent)
+```
+
+## Settings
+
+**IMPORTANT: put these settings _before_ the line that sources oh-my-zsh**
+
+### `agent-forwarding`
+
+To enable **agent forwarding support** add the following to your zshrc file:
+
+```zsh
+zstyle :omz:plugins:ssh-agent agent-forwarding yes
+```
+
+### `helper`
+
+To set an **external helper** to ask for the passwords and possibly store
+them in the system keychain use the `helper` style. For example:
+
+```zsh
+zstyle :omz:plugins:ssh-agent helper ksshaskpass
+```
+
+### `identities`
+
+To **load multiple identities** use the `identities` style (**this has no effect
+if the `lazy` setting is enabled**). For example:
+
+```zsh
+zstyle :omz:plugins:ssh-agent identities id_rsa id_rsa2 id_github
+```
+
+**NOTE:** the identities may be an absolute path if they are somewhere other than
+`~/.ssh`. For example:
+
+```zsh
+zstyle :omz:plugins:ssh-agent identities ~/.config/ssh/id_rsa ~/.config/ssh/id_rsa2 ~/.config/ssh/id_github
+# which can be simplified to
+zstyle :omz:plugins:ssh-agent identities ~/.config/ssh/{id_rsa,id_rsa2,id_github}
+```
+
+### `lazy`
+
+To **NOT load any identities on start** use the `lazy` setting. This is particularly
+useful when combined with the `AddKeysToAgent` setting (available since OpenSSH 7.2),
+since it allows to enter the password only on first use. _NOTE: you can know your
+OpenSSH version with `ssh -V`._
+
+```zsh
+zstyle :omz:plugins:ssh-agent lazy yes
+```
+
+You can enable `AddKeysToAgent` by passing `-o AddKeysToAgent=yes` to the `ssh` command,
+or by adding `AddKeysToAgent yes` to your `~/.ssh/config` file [1].
+See the [OpenSSH 7.2 Release Notes](http://www.openssh.com/txt/release-7.2).
+
+### `lifetime`
+
+To **set the maximum lifetime of the identities**, use the `lifetime` style.
+The lifetime may be specified in seconds or as described in sshd_config(5)
+(see _TIME FORMATS_). If left unspecified, the default lifetime is forever.
+
+```zsh
+zstyle :omz:plugins:ssh-agent lifetime 4h
+```
+
+### `quiet`
+
+To silence the plugin, use the following setting:
+
+```zsh
+zstyle :omz:plugins:ssh-agent quiet yes
+```
+
+### `ssh-add-args`
+
+To **pass arguments to the `ssh-add` command** that adds the identities on startup,
+use the `ssh-add-args` setting. You can pass multiple arguments separated by spaces:
+
+```zsh
+zstyle :omz:plugins:ssh-agent ssh-add-args -K -c -a /run/user/1000/ssh-auth
+```
+
+These will then be passed the `ssh-add` call as if written directly. The example
+above will turn into:
+
+```zsh
+ssh-add -K -c -a /run/user/1000/ssh-auth <identities>
+```
+
+For valid `ssh-add` arguments run `ssh-add --help` or `man ssh-add`.
+
+### Powerline 10k specific settings
+
+Powerline10k has an instant prompt setting that doesn't like when this plugin
+writes to the console. Consider using the following settings if you're using
+p10k (documented above):
+
+```
+zstyle :omz:plugins:ssh-agent quiet yes
+zstyle :omz:plugins:ssh-agent lazy yes
+```
+
+### macOS specific settings
+
+macOS supports using passphrases stored in the keychain when adding identities
+to the ssh-agent.
+
+```
+ssh-add --apple-use-keychain ~/.ssh/id_rsa ...
+```
+
+
+This plugin can be configured to use the keychain when loading using the following:
+
+```
+zstyle :omz:plugins:ssh-agent ssh-add-args --apple-load-keychain
+```
+
+## Credits
+
+Based on code from Joseph M. Reagle: https://www.cygwin.com/ml/cygwin/2001-06/msg00537.html
+
+Agent-forwarding support based on ideas from Florent Thoumie and Jonas Pfenniger

dot_oh-my-zsh/plugins/ssh-agent/ssh-agent.plugin.zsh

@@ -0,0 +1,119 @@
+# Get the filename to store/lookup the environment from
+ssh_env_cache="$HOME/.ssh/environment-$SHORT_HOST"
+
+function _start_agent() {
+  # Check if ssh-agent is already running
+  if [[ -f "$ssh_env_cache" ]]; then
+    . "$ssh_env_cache" > /dev/null
+
+    # Test if $SSH_AUTH_SOCK is visible
+    zmodload zsh/net/socket
+    if [[ -S "$SSH_AUTH_SOCK" ]] && zsocket "$SSH_AUTH_SOCK" 2>/dev/null; then
+      return 0
+    fi
+  fi
+
+  if [[ ! -d "$HOME/.ssh" ]]; then
+    echo "[oh-my-zsh] ssh-agent plugin requires ~/.ssh directory"
+    return 1
+  fi
+
+  # Set a maximum lifetime for identities added to ssh-agent
+  local lifetime
+  zstyle -s :omz:plugins:ssh-agent lifetime lifetime
+
+  # start ssh-agent and setup environment
+  zstyle -t :omz:plugins:ssh-agent quiet || echo >&2 "Starting ssh-agent ..."
+  ssh-agent -s ${lifetime:+-t} ${lifetime} | sed '/^echo/d' >! "$ssh_env_cache"
+  chmod 600 "$ssh_env_cache"
+  . "$ssh_env_cache" > /dev/null
+}
+
+function _add_identities() {
+  local id file line sig lines
+  local -a identities loaded_sigs loaded_ids not_loaded
+  zstyle -a :omz:plugins:ssh-agent identities identities
+
+  # check for .ssh folder presence
+  if [[ ! -d "$HOME/.ssh" ]]; then
+    return
+  fi
+
+  # add default keys if no identities were set up via zstyle
+  # this is to mimic the call to ssh-add with no identities
+  if [[ ${#identities} -eq 0 ]]; then
+    # key list found on `ssh-add` man page's DESCRIPTION section
+    for id in id_rsa id_dsa id_ecdsa id_ed25519 id_ed25519_sk identity; do
+      # check if file exists
+      [[ -f "$HOME/.ssh/$id" ]] && identities+=($id)
+    done
+  fi
+
+  # get list of loaded identities' signatures and filenames
+  if lines=$(ssh-add -l); then
+    for line in ${(f)lines}; do
+      loaded_sigs+=${${(z)line}[2]}
+      loaded_ids+=${${(z)line}[3]}
+    done
+  fi
+
+  # add identities if not already loaded
+  for id in $identities; do
+    # if id is an absolute path, make file equal to id
+    [[ "$id" = /* ]] && file="$id" || file="$HOME/.ssh/$id"
+    # check for filename match, otherwise try for signature match
+    if [[ -f $file && ${loaded_ids[(I)$file]} -le 0 ]]; then
+      sig="$(ssh-keygen -lf "$file" | awk '{print $2}')"
+      [[ ${loaded_sigs[(I)$sig]} -le 0 ]] && not_loaded+=("$file")
+    fi
+  done
+
+  # abort if no identities need to be loaded
+  if [[ ${#not_loaded} -eq 0 ]]; then
+    return
+  fi
+
+  # pass extra arguments to ssh-add
+  local args
+  zstyle -a :omz:plugins:ssh-agent ssh-add-args args
+
+  # if ssh-agent quiet mode, pass -q to ssh-add
+  zstyle -t :omz:plugins:ssh-agent quiet && args=(-q $args)
+
+  # use user specified helper to ask for password (ksshaskpass, etc)
+  local helper
+  zstyle -s :omz:plugins:ssh-agent helper helper
+
+  if [[ -n "$helper" ]]; then
+    if [[ -z "${commands[$helper]}" ]]; then
+      echo >&2 "ssh-agent: the helper '$helper' has not been found."
+    else
+      SSH_ASKPASS="$helper" ssh-add "${args[@]}" ${^not_loaded} < /dev/null
+      return $?
+    fi
+  fi
+
+  ssh-add "${args[@]}" ${^not_loaded}
+}
+
+# Add a nifty symlink for screen/tmux if agent forwarding is enabled
+if zstyle -t :omz:plugins:ssh-agent agent-forwarding \
+   && [[ -n "$SSH_AUTH_SOCK" ]]; then
+  if [[ ! -L "$SSH_AUTH_SOCK" ]]; then
+    if [[ -n "$TERMUX_VERSION" ]]; then
+      ln -sf "$SSH_AUTH_SOCK" "$PREFIX"/tmp/ssh-agent-$USERNAME-screen
+    else
+      ln -sf "$SSH_AUTH_SOCK" /tmp/ssh-agent-$USERNAME-screen
+    fi
+  fi
+else
+  _start_agent
+fi
+
+# Don't add identities if lazy-loading is enabled
+if ! zstyle -t :omz:plugins:ssh-agent lazy; then
+  _add_identities
+fi
+
+unset agent_forwarding ssh_env_cache
+unfunction _start_agent _add_identities