Commit d75f2d39 authored by Peter Pentchev's avatar Peter Pentchev

New upstream version 2.8.4

parent d774eefe
......@@ -2,7 +2,7 @@
# Copyright 2002-2006 Gentoo Foundation
# Copyright 2007 Aron Griffis <>
# Copyright 2009-2015 Funtoo Solutions, Inc.
# Copyright 2009-2017 Funtoo Solutions, Inc.
# lockfile() Copyright 2009 Parallels, Inc.
# Distributed under the GNU General Public License version 2
......@@ -10,7 +10,16 @@
# Originally authored by Daniel Robbins <>
# Maintained August 2002 - April 2003 by Seth Chandler <>
# Maintained and rewritten April 2004 - July 2007 by Aron Griffis <>
# Maintained July 2009 - present by Daniel Robbins <>
# Maintained July 2009 - September 2017 by Daniel Robbins <>
# Maintained September 2017 - present by Ryan Harris <>
* keychain 2.8.4 (19 Oct 2017)
Summary: Support to GPG2 (Ryan Harris)
Support busybox ps (Alastair Hughes)
Various optimizations
* keychain 2.8.3 (24 Jun 2016)
......@@ -67,9 +76,9 @@
Various changes and updates:
Fixes for fish from Marc Joliet.
Keychain will default to start only ssh-agent unless GPG is explicitly
updated using --agents.
updated using --agents.
Write ~/.gpg-agent-info when launching gpg-agent - fix from Thomas Spura.
......@@ -122,7 +131,7 @@
29 Sep 2009; Daniel Robbins <>: disable "Identity added"
messages when --quiet is specified (Gentoo bug #250328, thanks to Richard
Laager,) --help will print output to stdout (Gentoo bug #196060, thanks to
Elan Ruusamäe,) output cleanup and colorization changes - moving away from
Elan Ruusam�e,) output cleanup and colorization changes - moving away from
blue and over to cyan as it displays better terminals with black background.
Also some additional colorization. Version bump to 2.6.10.
......@@ -166,9 +175,9 @@
Add validinherit function so that validity of SSH_AUTH_SOCK and friends can be
validated from startagent rather than up front. The advantage is that warning
messages aren't emitted unnecessarily when --inherit *-once.
Fix --eval for fish, and add new testcases:
Fix --eval for fish, and add new testcases:
* keychain 2.6.3 (07 Sep 2006)
......@@ -374,7 +383,7 @@
* keychain 2.0.3 (06 Apr 2003)
06 Apr 2003; Seth Chandler <>:
Added keychain man page, fixed bugs with displaying colors for keychain
Added keychain man page, fixed bugs with displaying colors for keychain
--help. Also added a $grepopts to fix the grepping for a pid on cygwin
Also added a TODO document
color fix based on submission by Luke Holden <>
......@@ -401,13 +410,13 @@
adding the missingkeys via "ssh-add ${missingkeys}" (at line 454 of version
2.0) so that it reads: "ssh-add ${missingkeys} < /dev/null" then users can
use program like x11-ssh-askpass in xfree to type in their passphrase. It
then still works for users on shell, depending if $DISPLAY is set." Added.
then still works for users on shell, depending if $DISPLAY is set." Added.
24 Aug 2002; A fix to calling "tail" that *should* fix things for Tru64 Unix;
unfortunately, I have no way to test but the solution should be portable to
all other flavors of systems. Thanks to Mark Scarborough
<> for reporting the issue.
24 Aug 2002; Changed around the psopts detection stuff so that "-x -u $me f"
is used; this is needed on MacOS X. Thanks to Brian Bergstrand
<>, others for reporting this issue.
......@@ -416,17 +425,17 @@
17 Aug 2002; (Many submitters): A fix for keychain when running on HP-UX
17 Aug 2002; Patrice DUMAS - DOCT <>: Now perform help
early on to avoid unnecessary processing. Also added --dir option to allow
keychain to look in an alternate location for the .keychain directory (use
like this: "keychain --dir /var/foo")
17 Aug 2002; Martial MICHEL <>: Martial also
suggested moving help processing to earlier in the script. He also submitted
a patch to place .ssh-agent-* files in a ~/.keychain/ directory, which makes
sense particularly for NFS users so I integrated the concept into the code.
17 Aug 2002; Fred Carter <>: Cygwin fix to use
proper "ps" options.
......@@ -450,12 +459,12 @@
* keychain 1.9 (04 Mar 2002)
04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2".
04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to
follow this pattern and start building separate, optimized scripts for each
platform so they don't get too sluggish. Maybe I could use a C preprocessor
for this.
06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched
to '-f'
......@@ -464,11 +473,11 @@
29 Nov 2001; Philip Hallstrom ( Added a "--local"
option for removing the ${HOSTNAME} from the various files that keychain
creates. Handy for non-NFS users.
29 Nov 2001; Aron Griffis ( Using the Bourne shell "type"
builtin rather than using the external "which" command. Should make things a
lot more robust and slightly faster.
09 Nov 2001; Mike Briseno ( Solaris' "which" command outputs
"no lockfile in..." to stdout rather than stderr. A one-line fix (test the
error condition) has been applied.
......@@ -486,15 +495,15 @@
09 Nov 2001; Victor Leitman ( CYAN color misdefined;
27 Oct 2001; Brian Wellington ( A "quiet mode" (--quiet)
fix; I missed an "echo".
27 Oct 2001; J.A. Neitzel ( Missed another "kill -9"; it's
now gone.
* keychain 1.7 (21 Oct 2001)
* keychain 1.7 (21 Oct 2001)
21 Oct 2001; Frederic Gobry ( Frederic suggested
using procmail's lockfile to serialize the execution of critical parts of
keychain, thus avoiding multiple ssh-agent processes being started if you
......@@ -502,20 +511,20 @@
Initially, I didn't think I could add this, since systems may not have the
lockfile command; however, keychain will now auto-detect whether lockfile is
installed; if it is, keychain will automatically use it, thus preventing
multiple ssh-agent processes from being spawned.
multiple ssh-agent processes from being spawned.
21 Oct 2001; Raymond Wu ( --nocolor test is no longer inside
the test for whether "echo -e" works. According to Raymond, this works
optimally on his Solaris box.
21 Oct 2001; J.A. Neitzel ( No longer "kill -9" our
ssh-agent processes. SIGTERM should be sufficient and will allow ssh-agent to
clean up after itself (this reverses a previously-applied patch).
21 Oct 2001; Thomas Finneid ( Added argument "--quiet |
-q" to make the program less intrusive to the user; with it, only error and
interactive messages will appear.
21 Oct 2001; Thomas Finneid ( Changed the format of some
arguments to bring them more in line with common *nix programs: added "-h" as
alias for "--help"; added "-k" as alias for "--stop"
......@@ -523,7 +532,7 @@
21 Oct 2001; Mark Stosberg ( $pidf to "$pidf" fixes to
allow keychain to work with paths that include spaces (for Darwin and MacOS X
in particular).
21 Oct 2001; Jonathan Wakely ( Small patch to convert
"echo -n -e" to "echo -e "\c"" for FreeBSD compatibility.
......@@ -531,7 +540,7 @@
13 Oct 2001; Ralf Horstmann ( Add /usr/ucb to
path for Solaris systems.
11 Oct 2001; Idea from Joe Reid ( Try to add multiple keys
using ssh-add; avoid typing in identical passphrases more than once. Good
......@@ -540,7 +549,7 @@
21 Sep 2001; David Hull ( misc. compatibility, signal
handling, cleanup fixes
21 Sep 2001; "ps" test to find the right one for your OS.
20 Sep 2001; Marko Myllynen ( "grep [s]sh-agent" to "grep
......@@ -558,17 +567,17 @@
20 Sep 2001; Hans Peter Verne (; "echo -e" to "echo $E"
(for IRIX compatibility with --nocolor), optimization of grep ("grep
17 Sep 2001; Marko Myllynen ( Various fixes: trap signal 2
if signal INT not supported (NetBSD); handle invalid keys correctly; ancient
version of ash didn't support ~, so using $HOME; correct zsh instruction;
minor cleanups
*keychain 1.3 (12 Sep 2001)
12 Sep 2001; Minor color changes; the cyan was hard to read on xterm-colored
terms so it was switched to bold. Additional --help text added.
10 Sep 2001; We now use .ssh-agent-[hostname] instead of .ssh-agent. We now
create a .ssh-agent-csh-[hostname] file that can be sourced by csh-compatible
shells. We also now kill all our existing ssh-agent processes before
......@@ -584,13 +593,13 @@
10 Sep 2001; Marko Myllynen ( rm -f $pidf after stopping
ssh-agent fix
*keychain 1.2
*keychain 1.2
09 Sep 2001; README updates to reflect new changes.
09 Sep 2001; Marko Myllynen ( bash 1/zsh/sh compatibility;
now only tries to kill *your* ssh-agent processes, version fix, .ssh-agent
file creation error detection. Thanks!
file creation error detection. Thanks!
*keychain 1.1; fixes for calling "pidof"; README; ChangeLog
......@@ -599,10 +608,10 @@
07 Sep 2001; Explicitly added /sbin and /usr/sbin to path, and then called
"pidof". I think that this is a bit more robust.
06 Sep 2001; from John Ellson ( "pidof" changed to
"/sbin/pidof", since it's probably not in $PATH
06 Sep 2001; New ChangeLog! :)
*keychain 1.0; initial release (Aug 2001)
Introduction to Keychain
IMPORTANT - GitHub Contributors
Please apply your patches to ``, *not* the generated `keychain`
script, which we are now including in the git repo to facilitate the
distribution of release archives direct from GitHub. The file `keychain` and
related generated file (man pages, spec file) may be out-of-date during active
development. We will regenerate them for official release archives only (those
tagged with the release version.) Thanks!
Please submit Introduction to Keychain
**Official documentation for Keychain can be found on [the official Keychain
......@@ -15,3 +25,4 @@ time your local machine is rebooted. `Keychain` also makes it easy for remote
cron jobs to securely "hook in" to a long running `ssh-agent` process,
allowing your scripts to take advantage of key-based logins.
# Copyright 1999-2005 Gentoo Foundation
# Copyright 2007 Aron Griffis <>
# Copyright 2009-2017 Funtoo Solutions, Inc.
# lockfile() Copyright 2009 Parallels, Inc.
# Distributed under the terms of the GNU General Public License v2
# Originally authored by Daniel Robbins <>
# Maintained August 2002 - April 2003 by Seth Chandler <>
# Maintained and rewritten April 2004 - July 2007 by Aron Griffis <>
# Maintained July 2009 - Sept 2017 by Daniel Robbins <>
# Maintained September 2017 - present by Ryan Harris <>
unset mesglog
unset myaction
unset agentsopt
unset hostopt
unset stopwhich
unset timeout
unset ssh_timeout
unset sshavail
unset sshkeys
unset gpgkeys
unset mykeys
unset envf
unset ssh_confirm
# GNU awk and sed have regex issues in a multibyte environment. If any locale
# variables are set, then override by setting LC_ALL
unset pinentry_locale
if [ -n "$LANG$LC_ALL" ] || [ -n "$(locale 2>/dev/null | egrep -v '="?(|POSIX|C)"?$' 2>/dev/null)" ]; then
# save LC_ALL so that pinentry-curses works right. This has always worked
# correctly for me but peper and kloeri had problems with it.
export LC_ALL
# synopsis: qprint "message"
qprint() {
$quietopt || echo "$*" >&2
# synopsis: mesg "message"
# Prettily print something to stderr, honors quietopt
mesg() {
qprint " ${GREEN}*${OFF} $*"
# synopsis: warn "message"
# Prettily print a warning to stderr
warn() {
echo " ${RED}* Warning${OFF}: $*" >&2
# synopsis: error "message"
# Prettily print an error
error() {
echo " ${RED}* Error${OFF}: $*" >&2
# synopsis: die "message"
# Prettily print an error, then abort
die() {
[ -n "$1" ] && error "$*"
$evalopt && { echo; echo "false;"; }
exit 1
# synopsis: versinfo
# Display the version information
versinfo() {
qprint " Copyright ${CYANN}2002-2006${OFF} Gentoo Foundation;"
qprint " Copyright ${CYANN}2007${OFF} Aron Griffis;"
qprint " Copyright ${CYANN}2009-2017${OFF} Funtoo Solutions, Inc;"
qprint " lockfile() Copyright ${CYANN}2009${OFF} Parallels, Inc."
qprint " Keychain is free software: you can redistribute it and/or modify"
qprint " it under the terms of the ${CYANN}GNU General Public License version 2${OFF} as"
qprint " published by the Free Software Foundation."
# synopsis: helpinfo
# Display the help information. There's no really good way to use qprint for
# this...
helpinfo() {
cat >&1 <<EOHELP
keychain [ ${GREEN}-hklQqV${OFF} ] [ ${GREEN}--clear${OFF} ${GREEN}--confhost${OFF} ${GREEN}--gpg2${OFF} ${GREEN}--help${OFF} ${GREEN}--ignore-missing${OFF}
${GREEN}--list${OFF} ${GREEN}--noask${OFF} ${GREEN}--nocolor${OFF} ${GREEN}--nogui${OFF} ${GREEN}--nolock${OFF} ${GREEN}--quick${OFF} ${GREEN}--quiet${OFF} ${GREEN}--version${OFF} ]
[ ${GREEN}--agents${OFF} ${CYAN}list${OFF} ] [ ${GREEN}--attempts${OFF} ${CYAN}num${OFF} ] [ ${GREEN}--dir${OFF} ${CYAN}dirname${OFF} ]
[ ${GREEN}--host${OFF} ${CYAN}name${OFF} ] [ ${GREEN}--lockwait${OFF} ${CYAN}seconds${OFF} ]
[ ${GREEN}--stop${OFF} ${CYAN}which${OFF} ] [ ${GREEN}--timeout${OFF} ${CYAN}minutes${OFF} ] [ keys... ]
${GREEN}--agents${OFF} ${CYAN}list${OFF}
Start the agents listed. By default keychain will start ssh-agent if
it is found in your path. The list should be comma-separated, for
example "gpg,ssh"
${GREEN}--attempts${OFF} ${CYAN}num${OFF}
Try num times to add keys before giving up. The default is 1.
Delete all of ssh-agent's keys. Typically this is used in
.bash_profile. The theory behind this is that keychain should assume
that you are an intruder until proven otherwise. However, while this
option increases security, it still allows your cron jobs to use
your ssh keys when you're logged out.
By default, keychain will look for key pairs in the ~/.ssh/
directory. The ${GREEN}--confhost${OFF} option will inform keychain to look in
~/.ssh/config for IdentityFile settings defined for particular
hosts, and use these paths to locate keys.
Keys are subject to interactive confirmation by the SSH_ASKPASS
program before being used for authentication. See the ${GREEN}-c${OFF} option for
Any arguments to "--dir" are interpreted to be absolute. The default
behavior is to append "/.keychain" to the argument for backwards
${GREEN}--dir${OFF} ${CYAN}dirname${OFF}
Keychain will use dirname rather than \$HOME/.keychain
Keychain will print lines in KEY=value format representing the
values which are set by the agents.
Keychain will print lines to be evaluated in the shell on stdout. It
respects the SHELL environment variable to determine if Bourne shell
or C shell output is expected.
${GREEN}--env${OFF} ${CYAN}filename${OFF}
After parsing options, keychain will load additional environment
settings from "filename". By default, if "--env" is not given, then
keychain will attempt to load from ~/.keychain/[hostname]-env or
alternatively ~/.keychain/env. The purpose of this file is to
override settings such as PATH, in case ssh is stored in a
non-standard place.
This option changes the default gpg calls to use gpg2 instead to
support distributions such as Ubuntu which has both gpg and gpg2
${GREEN}-h${OFF} ${GREEN}--help${OFF}
Show help that looks remarkably like this man-page. As of 2.6.10,
help is sent to stdout so it can be easily piped to a pager.
${GREEN}--host${OFF} ${CYAN}name${OFF}
Set alternate hostname for creation of pidfiles
Don't warn if some keys on the command-line can't be found. This is
useful for situations where you have a shared .bash_profile, but
your keys might not be available on every machine where keychain is
${GREEN}--inherit${OFF} ${CYAN}which${OFF}
Attempt to inherit agent variables from the environment. This can be
useful in a variety of circumstances, for example when ssh-agent is
started by gdm. The following values are valid for "which":
local Inherit when a pid (e.g. SSH_AGENT_PID) is set in the
environment. This disallows inheriting a forwarded
any Inherit when a sock (e.g. SSH_AUTH_SOCK) is set in the
environment. This allows inheriting a forwarded agent.
local-once Same as "local", but only inherit if keychain isn't
already providing an agent.
any-once Same as "any", but only inherit if keychain isn't
already providing an agent.
By default, keychain-2.5.0 and later will behave as if "--inherit
local-once" is specified. You should specify "--noinherit" if you
want the older behavior.
${GREEN}-l${OFF} ${GREEN}--list${OFF}
List signatures of all active SSH keys, and exit, similar to
"ssh-add ${GREEN}-l${OFF}".
${GREEN}-L${OFF} ${GREEN}--list-fp${OFF}
List fingerprints of all active SSH keys, and exit, similar to
"ssh-add ${GREEN}-L${OFF}".
${GREEN}--lockwait${OFF} ${CYAN}seconds${OFF}
How long to wait for the lock to become available. Defaults to 5
seconds. Specify a value of zero or more. If the lock cannot be
acquired within the specified number of seconds, then this keychain
process will forcefully acquire the lock.
This option tells keychain do everything it normally does (ensure
ssh-agent is running, set up the ~/.keychain/[hostname]-{c}sh files)
except that it will not prompt you to add any of the keys you
specified if they haven't yet been added to ssh-agent.
Disable color hilighting for non ANSI-compatible terms.
Don't honor SSH_ASKPASS, if it is set. This will cause ssh-add to
prompt on the terminal instead of using a graphical program.
Don't inherit any agent processes, overriding the default "--inherit
Don't attempt to use a lockfile while manipulating files, pids and
${GREEN}-k${OFF} ${GREEN}--stop${OFF} ${CYAN}which${OFF}
Kill currently running agent processes. The following values are
valid for "which":
all Kill all agent processes and quit keychain immediately.
Prior to keychain-2.5.0, this was the behavior of the bare
"--stop" option.
others Kill agent processes other than the one keychain is
providing. Prior to keychain-2.5.0, keychain would do this
automatically. The new behavior requires that you specify
it explicitly if you want it.
mine Kill keychain's agent processes, leaving other agents
Inject environment variables into the systemd ${GREEN}--user${OFF} session.
${GREEN}-Q${OFF} ${GREEN}--quick${OFF}
If an ssh-agent process is running then use it. Don't verify the
list of keys, other than making sure it's non-empty. This option
avoids locking when possible so that multiple terminals can be
opened simultaneously without waiting on each other.
${GREEN}-q${OFF} ${GREEN}--quiet${OFF}
Only print messages in case of warning, error or required
interactivity. As of version 2.6.10, this also suppresses
"Identities added" messages for ssh-agent.
${GREEN}--timeout${OFF} ${CYAN}minutes${OFF}
Allows a timeout to be set for identities added to ssh-agent. When
this option is used with a keychain invocation that starts ssh-agent
itself, then keychain uses the appropriate ssh-agent option to set
the default timeout for ssh-agent. The ${GREEN}--timeout${OFF} option also gets
passed to ssh-add invocations, so any keys added to a running
ssh-agent will be individually configured to have the timeout
specified, overriding any ssh-agent default.
Most users can simply use the timeout setting they desire and get
the result they want ${GREEN}--${OFF} with all identities having the specified
timeout, whether added by keychain or not. More advanced users can
use one invocation of keychain to set the default timeout, and
optionally set different timeouts for keys added by using a
subsequent invocation of keychain.
${GREEN}-V${OFF} ${GREEN}--version${OFF}
Show version information.
# synopsis: testssh
# Figure out which ssh is in use, set the global boolean $openssh and $sunssh
testssh() {
# Query local host for SSH application, presently supporting
# OpenSSH, Sun SSH, and
case "$(ssh -V 2>&1)" in
*OpenSSH*) openssh=true ;;
*Sun?SSH*) sunssh=true ;;
# synopsis: getuser
# Set the global string $me
getuser() {
# id -un gives euid, which might be different from USER or LOGNAME
me=$(id -un) || die "Who are you? id -un doesn't know..."
# synopsis: getos
# Set the global string $OSTYPE
getos() {
OSTYPE=$(uname) || die 'uname failed'
# synopsis: verifykeydir
# Make sure the key dir is set up correctly. Exits on error.
verifykeydir() {
# Create keydir if it doesn't exist already
if [ -f "${keydir}" ]; then
die "${keydir} is a file (it should be a directory)"
# Solaris 9 doesn't have -e; using -d....
elif [ ! -d "${keydir}" ]; then
( umask 0077 && mkdir "${keydir}"; ) || die "can't create ${keydir}"
lockfile() {
# This function originates from Parallels Inc.'s OpenVZ vpsreboot script
# Description: This function attempts to acquire the lock. If it succeeds,
# it returns 0. If it fails, it returns 1. This function retuns immediately
# and only tries to acquire the lock once.
local tmpfile="$lockf.$$"
echo $$ >"$tmpfile" 2>/dev/null || exit
if ln "$tmpfile" "$lockf" 2>/dev/null; then
rm -f "$tmpfile"
havelock=true && return 0
if kill -0 $(cat $lockf 2>/dev/null) 2>/dev/null; then
rm -f "$tmpfile"
return 1
if ln "$tmpfile" "$lockf" 2>/dev/null; then
rm -f "$tmpfile"
havelock=true && return 0
rm -f "$tmpfile" "$lockf" && return 1
takelock() {
# Description: This function calls lockfile() multiple times if necessary
# to try to acquire the lock. It returns 0 on success and 1 on failure.
# Change in behavior: if timeout expires, we will forcefully acquire lock.
[ "$havelock" = "true" ] && return 0
[ "$nolockopt" = "true" ] && return 0
# First attempt:
lockfile && return 0
local counter=0
mesg "Waiting $lockwait seconds for lock..."
while [ "$counter" -lt "$(( $lockwait * 2 ))" ]
lockfile && return 0
sleep 0.5; counter=$(( $counter + 1 ))
rm -f "$lockf" && lockfile && return 0
return 1
# synopsis: droplock
# Drops the lock if we're holding it.
droplock() {
$havelock && [ -n "$lockf" ] && rm -f "$lockf"
# synopsis: findpids [prog]
# Returns a space-separated list of agent pids.
# prog can be ssh or gpg, defaults to ssh. Note that if another prog is ever
# added, need to pay attention to the length for Solaris compatibility.
findpids() {
unset fp_psout
# Different systems require different invocations of ps. Try to generalize
# the best we can. The only requirement is that the agent command name
# appears in the line, and the PID is the first item on the line.
[ -n "$OSTYPE" ] || getos
# Try systems where we know what to do first
case "$OSTYPE" in
fp_psout=$(ps x 2>/dev/null) ;; # BSD syntax
fp_psout=$(ps -u $me 2>/dev/null) ;; # SysV syntax
case $(uname -r) in
fp_psout=$(ps -u $me 2>/dev/null) ;; # SysV syntax
fp_psout=$(ps x 2>/dev/null) ;; # BSD syntax
esac ;;
fp_psout=$(ps -g 2>/dev/null) ;; # GNU Hurd syntax
# If we didn't get a match above, try a list of possibilities...
# The first one will probably fail on systems supporting only BSD syntax.
if [ -z "$fp_psout" ]; then
fp_psout=$(UNIX95=1 ps -u $me -o pid,comm 2>/dev/null | grep '^ *[0-9]')
[ -z "$fp_psout" ] && fp_psout=$(ps x 2>/dev/null)
[ -z "$fp_psout" ] && fp_psout=$(ps w 2>/dev/null) # Busybox syntax
# Return the list of pids; ignore case for Cygwin.
# Check only 8 characters since Solaris truncates at that length.
# Ignore defunct ssh-agents (bug 28599)
if [ -n "$fp_psout" ]; then
echo "$fp_psout" | \
awk "BEGIN{IGNORECASE=1} /defunct/{next}
/$fp_prog-[a]gen/{print \$1}" | xargs
return 0
# If none worked, we're stuck
error "Unable to use \"ps\" to scan for $fp_prog-agent processes"
error "Please report to $maintainer via"
return 1
# synopsis: stopagent [prog]
# --stop tells keychain to kill the existing agent(s)
# prog can be ssh or gpg, defaults to ssh.
stopagent() {
eval stop_except=\$\{${stop_prog}_agent_pid\}
stop_mypids=$(findpids "$stop_prog")
[ $? = 0 ] || die
if [ -z "$stop_mypids" ]; then
mesg "No $stop_prog-agent(s) found running"
return 0
case "$stopwhich" in
kill $stop_mypids >/dev/null 2>&1
mesg "All ${CYANN}$me${OFF}'s $stop_prog-agents stopped: ${CYANN}$stop_mypids${OFF}"
# Try to handle the case where we *will* inherit a pid
kill -0 $stop_except >/dev/null 2>&1
if [ -z "$stop_except" -o $? != 0 -o \
"$inheritwhich" = local -o "$inheritwhich" = any ]; then
if [ "$inheritwhich" != none ]; then
eval stop_except=\$\{inherit_${stop_prog}_agent_pid\}
kill -0 $stop_except >/dev/null 2>&1
if [ -z "$stop_except" -o $? != 0 ]; then
# Handle ssh2
eval stop_except=\$\{inherit_${stop_prog}2_agent_pid\}