Open reynir opened 6 years ago
i am unsure how to turn this into a proper pull request, but the magic line for client (+vault) rc.local is ...
sudo -u user /bin/sh -c "umask 177 && exec socat -T 5 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
this fixes multiple issues: a) the exec means the sudo process is not staying around. (cosmetic) b) the -T 5 means clients are shut down after 5 seconds of idle. (this fixes the very annoying concurrent-qrexec-sessions problem, and the ssh client doesn't care, it will create a new connection as needed if you are working f.ex. with agent forwarding) c) more cosmetics on the quoting style and where the ampersand goes.
HTH
yikes, TIL that the timeout is a bad idea for the vault-vm. ssh-add opens the agent socket right after start, and then is unwilling to reopen it if you take longer to type your passphrase (correctly) than the timeout duration.
so really long timeout (or no timeout) for the vault-adapter.
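The two comments above pin down the one setting that differs per side: an idle timeout on the client socat, none on the vault adapter. The script below is an added example, not code from this issue or the project: it builds the client line from the issue (same SSH_SOCK / SSH_VAULT_VM names), a vault-side line whose shape (stdio to the real agent socket, no -T) is assumed, and checks that a socket created under umask 177 really is mode 0600 so no other user in the qube can reach the agent through it.

```shell
#!/bin/sh
# Added example, not part of the issue thread. Demonstrates the per-side
# socat settings discussed above and a permission check for the socket.

# Client qube: forward the agent socket to the vault over qrexec.
# -T 5 closes a forwarded session after 5 s idle so stale qrexec sessions
# are reaped; ssh simply opens a new one when it next needs the agent.
client_socat_cmd() {
  # $1 = agent socket path (SSH_SOCK), $2 = vault qube name (SSH_VAULT_VM)
  printf '%s\n' "umask 177 && exec socat -T 5 'UNIX-LISTEN:$1,fork' 'EXEC:qrexec-client-vm $2 qubes.SshAgent'"
}

# Vault qube: the qrexec service end (assumed shape: stdio <-> real agent
# socket). Deliberately NO -T: ssh-add opens the socket before the
# passphrase is typed, and an idle timeout would cut that session off.
vault_socat_cmd() {
  # $1 = path of the real ssh-agent socket inside the vault (assumed name)
  printf '%s\n' "exec socat - 'UNIX-CONNECT:$1'"
}

# Returns 0 if the path is exactly mode 0600, which is what umask 177
# yields for a socket created by socat; anything wider lets other local
# users sign with your keys.
socket_mode_ok() {
  [ -n "$(find "$1" -prune -perm 0600 -print 2>/dev/null)" ]
}

# Demo on constructed values: print both command lines, then show that a
# file created under umask 177 passes the mode check.
client_socat_cmd "${SSH_SOCK:-/tmp/ssh-agent.sock}" "${SSH_VAULT_VM:-vault}"
vault_socat_cmd "${SSH_AUTH_SOCK:-/tmp/real-agent.sock}"
demo_dir=$(mktemp -d)
( umask 177; : > "$demo_dir/agent.sock" )
if socket_mode_ok "$demo_dir/agent.sock"; then
  echo "ok: $demo_dir/agent.sock is 0600"
else
  echo "WARNING: $demo_dir/agent.sock is not 0600" >&2
fi
rm -rf "$demo_dir"
```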
socat seems to be more widely available. For example, the debian 9 template comes with socat, but nmap has to be installed in order to get ncat. I might send a pull request if I get around to implementing this.