Support ControlMaster and ControlPersist #413

Open
zachriggle opened this issue Oct 9, 2022 · 3 comments

@zachriggle

It looks like using Secretive as the IdentityAgent invalidates options specified in ~/.ssh/config such as ControlMaster and ControlPersist.

This means that I cannot set keep alive to ~15 minutes to allow repeated connections to not require TouchID.

@Manouchehri

Hmm, what's your full ~/.ssh/config? It's working fine for me with this config:

Host *
	ControlMaster auto
	ControlPath /Users/dave/.ssh/sockets/%r@%h-%p
	ControlPersist 15m
	ServerAliveInterval 25
	ServerAliveCountMax 1
	TCPKeepAlive no
	IdentityAgent /Users/dave/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
	ConnectTimeout 3

Seems to work fine with either ssh version I have installed:

dave@mbp ~ % /opt/homebrew/bin/ssh -V
OpenSSH_9.0p1, OpenSSL 1.1.1q  5 Jul 2022
dave@mbp ~ % /usr/bin/ssh -V
OpenSSH_9.0p1, LibreSSL 3.3.6

@zachriggle
Author

I've borrowed your log and verified that the SSH control socket does get created, but it also gets torn down immediately -- i.e. ControlPersist does not take effect. (Changing the value to "yes" also does not keep the socket around.)

https://gist.github.com/zachriggle/5cf92282c503d07cd5f6927bdbcd3474

Notable lines from the log are...

debug1: Control socket "/Users/zachriggle/.ssh/sockets/git@github.com-22" does not exist
...
Authenticated to github.com ([140.82.113.3]:22) using "publickey".
...
debug1: setting up multiplex master socket
debug3: muxserver_listen: temporary control path /Users/zachriggle/.ssh/sockets/git@github.com-22.o1dzLZqjYcpqZvuc
...
debug1: channel 0: new [/Users/zachriggle/.ssh/sockets/git@github.com-22]
...
debug1: channel 0: free: /Users/zachriggle/.ssh/sockets/git@github.com-22, nchannels 1
debug3: channel 0: status: The following connections are open:

Transferred: sent 2636, received 2428 bytes, in 0.1 seconds
Bytes per second: sent 23040.3, received 21222.3
debug1: Exit status 0

$ ls -la ~/.ssh/sockets
total 0
drwxr-xr-x  2 zachriggle staff  64 2022-10-11 05:03 ./
drwx------ 12 zachriggle staff 384 2022-10-11 04:58 ../

@Manouchehri

Huh, that's really odd.. I added IdentityFile to my config as well, still works. I've been using Secretive with multiplexing for almost the entire past year.

dave@mbp ~ % /usr/bin/ssh -T git@github.com     
Hi Manouchehri! You've successfully authenticated, but GitHub does not provide shell access.
dave@mbp ~ % /usr/bin/ssh -T git@github.com -vvv
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/dave/.ssh/config
debug1: /Users/dave/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/dave/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/dave/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 98471
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
Hi Manouchehri! You've successfully authenticated, but GitHub does not provide shell access.
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
dave@mbp ~ % ls -la ~/.ssh/sockets
total 0
drwxr-xr-x   8 dave  staff  256 Oct 11 11:42 .
drwxr-xr-x  18 dave  staff  576 Oct  4 11:28 ..
srw-------   1 dave  staff    0 Oct 11 11:42 git@github.com-22
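
The check done by hand in this thread (read the `ssh -v` output, then look for the socket under ~/.ssh/sockets) can be scripted. This is an added example, not part of the original issue or of the Secretive project; the function names `mux_control_path`, `mux_diagnose` and `mux_sample_master_log` are hypothetical, and the sample log is constructed from the debug lines quoted above.

```shell
#!/bin/sh
# Capture a log first; ssh writes its debug output to stderr:
#   ssh -v -T git@github.com 2>ssh.log

# Print the ControlPath from a 'Control socket "..." does not exist' line, if any.
mux_control_path() {
    sed -n 's/^debug1: Control socket "\(.*\)" does not exist.*$/\1/p' "$1" | head -n 1
}

# Usage: mux_diagnose LOGFILE
# Prints one of: reused | master-persisted | master-gone | master-unknown | no-mux
mux_diagnose() {
    log=$1
    # A client that attached to a live master logs the master's session id.
    if grep -q 'mux_client_request_session: master session id' "$log"; then
        echo reused
        return 0
    fi
    # This ssh process became the master itself.
    if grep -q 'setting up multiplex master socket' "$log"; then
        sock=$(mux_control_path "$log")
        if [ -z "$sock" ]; then
            echo master-unknown      # log does not name the control path
        elif [ -S "$sock" ]; then
            echo master-persisted    # socket outlived the session
        else
            echo master-gone         # socket torn down: ControlPersist not in effect
        fi
        return 0
    fi
    echo no-mux
}

# Constructed sample: master-side lines like those quoted in the thread,
# with the control path placed under directory $1.
mux_sample_master_log() {
    cat <<EOF
debug1: Control socket "$1/git@github.com-22" does not exist
debug1: setting up multiplex master socket
debug1: channel 0: new [$1/git@github.com-22]
debug1: Exit status 0
EOF
}

# Run as a script: sh mux_diagnose.sh ssh.log
if [ $# -gt 0 ]; then
    mux_diagnose "$1"
fi
```

Run it after the first session has exited and before the ControlPersist timeout expires; `ssh -O check git@github.com` asks a live master directly.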
