I am using the following setup:
OpenSSL is configured to use libtpm:
    engines = engine_section
    foo = tpm_section
    dynamic_path = /usr/local/lib/openssl/engines/libtpm.so
    engine_id = tpm
    default_algorithms = ALL
    #default_algorithms = RAND,RSA
    init = 1
SSH client is configured to use libsimple-tpm-pk11.so:
I am using a vanilla /usr/local/etc/tcsd.conf
I start ssh-agent from my .xsession file as
    eval `/usr/bin/ssh-agent -s`
therefore it does not die when I kill my X session.
I noticed that tcsd blocks system shutdown (it eventually gets killed by the watchdog).
A quick look at the source code and open sockets reveals that ssh-agent maintains a persistent connection to tcsd.
The easiest way to reproduce the problem with my config is to start a separate shell with
and try to stop tcsd in another terminal:
    sudo service tcsd stop
As long as the shell is running, tcsd will not stop.
It is enough to exit the shell, and after a second or two tcsd will shut down.
The shutdown is immediate if ssh-agent is not running.
I think tcsd should be able to notice earlier that it is time to close its sockets and go away.
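
The open-socket check mentioned in the report can be scripted. The following is an added example, not part of the original post: it assumes FreeBSD `sockstat` column layout and tcsd's default TCP port 30003, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that hold a connected TCP socket to tcsd,
# i.e. the clients that keep the daemon from stopping.
# Assumption: tcsd listens on its default port 30003 (override with TCSD_PORT).
TCSD_PORT=${TCSD_PORT:-30003}

# Reads sockstat-style lines on stdin and prints "COMMAND PID LOCAL-ADDRESS"
# for every TCP socket whose foreign address ends in :$TCSD_PORT.
# tcsd's own sockets are skipped so only the clients remain.
tcsd_clients() {
    awk -v port="$TCSD_PORT" '
        NR == 1 && $1 == "USER" { next }   # header row
        $5 !~ /^tcp/            { next }   # only TCP sockets
        $2 == "tcsd"            { next }   # the daemon side of the connection
        {
            n = split($7, parts, ":")      # port is the last ":"-separated field
            if (parts[n] == port) print $2, $3, $6
        }'
}

# Constructed sample in sockstat format (not captured from a real system).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    ssh-agent  1412  5  tcp4   127.0.0.1:51844       127.0.0.1:30003
_tss     tcsd       901   4  tcp4   127.0.0.1:30003       *:*
_tss     tcsd       901   6  tcp4   127.0.0.1:30003       127.0.0.1:51844
alice    firefox    2200  40 tcp4   192.0.2.10:40112      198.51.100.7:443
EOF
}

# Demo on the constructed sample; prints: ssh-agent 1412 127.0.0.1:51844
sample_sockstat | tcsd_clients

# Live use on FreeBSD: sockstat -4 -c | tcsd_clients
```

Running it before `service tcsd stop` shows which client still has to exit or disconnect before the daemon can shut down.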