Doing something when a Cinnamon-based laptop suspends or hibernates
I've used encrypted SSH keys for some time.
To make this tolerable (and even convenient), I load the keys into
ssh-agent. On my desktop, I make this more secure by automatically
flushing the keys when I lock the screen (details here). To get a similar effect on my laptop,
I want to flush the keys before it suspends (suspending the laptop
is roughly the equivalent of locking the screen on a desktop; it's
almost always what I do before I walk away from it). I also want
to force-close any lingering SSH connection masters, because it's pretty likely that
my network connection will be different when I un-suspend the laptop
(and in any case, the server end will probably have timed out).
In the beginning I did this by hand with a shell script or two. I usually remembered to run it before I suspended (my custom Cinnamon environment made it not too hard), but not always, and it was kind of a pain in general. Then I found out that it's possible to hook into the modern suspend process to automate this.
The important magic is that there is a standard freedesktop DBus signal that is emitted when
your modern DBus and systemd-enabled system is about to suspend or
hibernate itself. The DBus details are covered in this unix.se
and I simply copied and modified the Python code from David Newgas'
av program to make something I call
presusp.py. My version
does not have a
start() action to do things after the laptop
un-suspends, and its
shutdown() action is simply to run my shell
scripts that drop SSH keys and cleans up shared SSH sessions. If I
used my Yubikey more on Cinnamon (which is possible), I'd also run my script to drop the Yubikey
ssh-agent (covered here).
presusp.py is directly tied to my login session, I just
start it in a shell script I already have that does various things
to set up my Cinnamon session. This also terminates it when I log
out, although usually if I'm going to log out I just power down the
(Logging out and then back in again has been somewhat flaky under Cinnamon for me.)
PS: According to the logind DBus API there's
also a signal emitted before screen locking, although it comes from
your session instead of the overall manager. If I cared enough, I
could presumably hack up my
presusp.py to flush keys even on
screen lock. Right now this is too complicated for me to bother
with, since I rarely lock the screen on my laptop and step away
Sidebar: Restoring keys to
ssh-agent after an unsuspend
Unlike on my desktop, I don't try to automatically re-add my encrypted
ssh-agent when the laptop un-suspends. Instead I have my
.ssh/config set up with '
AddKeysToAgent yes', so that the first
time I ssh somewhere it automatically adds the keys to the agent
after prompting me to unlock and use them. This is a bit less
convenient than on my desktop but it works well enough under the
circumstances. It helps that I don't try to do fancy things with
remote X clients on the laptop; mostly what I do is SSH logins in