ssh-agent: improvements (#6309)

* ssh-agent: lock this script with a mkdir style mutex

This script is a kind of singleton pattern and is not reentrant.
If several shells are oppened in a fast sequence, then several
independent ssh-agents would be created, which is not acceptable.
A mutex is required.

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

* ssh-agent: only start agent if .ssh dir exists

To use the same profile system-wide, it might happen
that the .ssh directory does not exist
(typically $HOME/.ssh/). This would trigger a error.

Creating the directory would be a option, but it
usually will not make sense to do so because it means
the user doesn't have ssh keys or config.

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

* ssh-agent: adds lazy option to disable key loading on start

Option is documented on updated README.md

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

* ssh-agent: simplify agent-forwarding checking

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>

Co-authored-by: Robby Russell <robby@planetargon.com>

plugins/ssh-agent/README.md

@@ -19,9 +19,17 @@ To enable **agent forwarding support** add the following to your zshrc file:
 zstyle :omz:plugins:ssh-agent agent-forwarding on
 ```
 
-----
+To **NOT load any identities on start** use the `lazy` style.
+This is particularly usefull when combined with the AddKeysToAgent
+(available from OpenSSH 7.2), since it allows to enter the password only
+on first use.
 
-To **load multiple identities** use the `identities` style, For example:
+```zsh
+zstyle :omz:plugins:ssh-agent lazy yes
+```
+
+To **load multiple identities** use the `identities` style. This have no
+effect if `lazy` is enabled.
 
 ```zsh
 zstyle :omz:plugins:ssh-agent identities id_rsa id_rsa2 id_github

plugins/ssh-agent/ssh-agent.plugin.zsh

@@ -1,4 +1,16 @@
-typeset _agent_forwarding _ssh_env_cache
+lockdir=/tmp/oh-my-zsh-ssh-agent.lock
+
+while true; do
+    if mkdir "$lockdir" 2>/dev/null
+    then    # directory did not exist, but was created successfully
+        trap 'rm -rf "$lockdir"' 0    # remove directory when script finishes
+        break    # continue with script
+    else
+        sleep 0.1  # sleep for 0.2 and try again
+    fi
+done
+
+typeset _ssh_env_cache
 
 function _start_agent() {
 	local lifetime
@@ -56,10 +68,7 @@ function _add_identities() {
 # Get the filename to store/lookup the environment from
 _ssh_env_cache="$HOME/.ssh/environment-$SHORT_HOST"
 
-# test if agent-forwarding is enabled
-zstyle -b :omz:plugins:ssh-agent agent-forwarding _agent_forwarding
-
-if [[ $_agent_forwarding == "yes" && -n "$SSH_AUTH_SOCK" ]]; then
+if zstyle -t :omz:plugins:ssh-agent agent-forwarding && [[ -n "$SSH_AUTH_SOCK" ]]; then
 	# Add a nifty symlink for screen/tmux if agent forwarding
 	[[ -L $SSH_AUTH_SOCK ]] || ln -sf "$SSH_AUTH_SOCK" /tmp/ssh-agent-$USERNAME-screen
 elif [[ -f "$_ssh_env_cache" ]]; then
@@ -73,12 +82,16 @@ elif [[ -f "$_ssh_env_cache" ]]; then
 	ps $FILTER | grep ssh-agent | grep -q $SSH_AGENT_PID || {
 		_start_agent
 	}
-else
+elif [[ -d $HOME/.ssh ]]; then
 	_start_agent
 fi
 
-_add_identities
+if ! zstyle -t :omz:plugins:ssh-agent lazy; then
+	_add_identities
+fi
 
 # tidy up after ourselves
-unset _agent_forwarding _ssh_env_cache
+unset _ssh_env_cache
 unfunction _start_agent _add_identities
+
+rm -rf "$lockdir"