ssh-agent, keychain, xsession bash_profile scripting
in [Debian]
|
From: Adam Hardy on 15 Jan 2010 11:10 I've been chasing my tail trying to work this one out following different examples off the web, but can't sort it out and keep getting the old "Could not open a connection to your authentication agent." from ssh-add, and nothing but inaction from keychain. I know everything has to run as a child of ssh-agent to gain access to its envvars, but I don't how to achieve this. keychain id_rsa in my .bash_profile doesn't work, I still have to give ssh my password for the private key when I use ssh. I guess I should be setting up the envvars in my bash env somehow when getting them via 'ssh-agent -s' but I don't know the syntax to do this. I always boot into a command line and then run startx when I need it, and I think herein lies the problem - although I can't get it to work on the command line either with keychain or ssh-add. Thanks Adam -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: Jeff D on 15 Jan 2010 12:10 On Fri, 15 Jan 2010, Adam Hardy wrote: > I've been chasing my tail trying to work this one out following different > examples off the web, but can't sort it out and keep getting the old > > "Could not open a connection to your authentication agent." > > from ssh-add, and nothing but inaction from keychain. > > I know everything has to run as a child of ssh-agent to gain access to its > envvars, but I don't how to achieve this. > > keychain id_rsa in my .bash_profile doesn't work, I still have to give ssh my > password for the private key when I use ssh. > > I guess I should be setting up the envvars in my bash env somehow when getting > them via 'ssh-agent -s' but I don't know the syntax to do this. > > I always boot into a command line and then run startx when I need it, and I > think herein lies the problem - although I can't get it to work on the command > line either with keychain or ssh-add. > > Thanks > Adam Hi Adam, from the command line you can run : ssh-agent bash #that starts your agent for that shell, you will need to run that for each shell you want to have access to your keys ssh-add -i /path/to/your/key For X, in /etc/X11/Xsession.options, check and make sure you have use-ssh-agent in there. That should automatically start your ssh-agent for your X session. Then from a term you can run something like this: #!/bin/sh if ! ps -P $SSH_AGENT_PID ; then echo " need to run ssh-agent" exit 0 fi if ssh-add -l| egrep -i "dsa|rsa" ; then echo "keys there" else echo "need to add .keys" ssh-add /path/to/id_dsa fi -- 8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno. -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: Adam Hardy on 15 Jan 2010 12:20 Jeff D on 15/01/10 17:00, wrote: > On Fri, 15 Jan 2010, Adam Hardy wrote: > >> I've been chasing my tail trying to work this one out following different >> examples off the web, but can't sort it out and keep getting the old >> >> "Could not open a connection to your authentication agent." >> >> from ssh-add, and nothing but inaction from keychain. >> >> I know everything has to run as a child of ssh-agent to gain access to its >> envvars, but I don't how to achieve this. >> >> keychain id_rsa in my .bash_profile doesn't work, I still have to give ssh my >> password for the private key when I use ssh. >> >> I guess I should be setting up the envvars in my bash env somehow when getting >> them via 'ssh-agent -s' but I don't know the syntax to do this. >> >> I always boot into a command line and then run startx when I need it, and I >> think herein lies the problem - although I can't get it to work on the command >> line either with keychain or ssh-add. >> >> Thanks >> Adam > > > Hi Adam, > > from the command line you can run : > > ssh-agent bash > #that starts your agent for that shell, you will need to run that for each > shell you want to have access to your keys > ssh-add -i /path/to/your/key > > > For X, in /etc/X11/Xsession.options, check and make sure you have use-ssh-agent in there. [SNIP] What I'm trying to do is to get this set up in my .bash_profile so that I only need to type in my key password once when I log into the machine. I can't put the two command in my .bash_profile because the 2nd command won't get executed until the first bash shell exits. I do have the line in my Xsession.options -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
From: Boyd Stephen Smith Jr. on 15 Jan 2010 12:40 In <4B5092D0.60803(a)cyberspaceroad.com>, Adam Hardy wrote: >keychain id_rsa in my .bash_profile doesn't work, I still have to give ssh > my password for the private key when I use ssh. I use this for starting the daemons or connecting to existing daemons by setting environment variables in the current shell: eval "$(/usr/bin/keychain --eval --quiet --inherit any-once --stop others -- noask --lockwait 0)" I use this for adding keys to an existing daemon -- it doesn't change the environment at all: SSH_KEYS=('id_dsa') /usr/bin/keychain --inherit any-once --stop others --clear "${SSH_KEYS[@]}" -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss(a)iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
From: Florian Ernst on 15 Jan 2010 12:50
Hello all, On Fri, Jan 15, 2010 at 04:07:44PM +0000, Adam Hardy wrote: > I've been chasing my tail trying to work this one out following > different examples off the web, but can't sort it out and keep > getting the old > > "Could not open a connection to your authentication agent." > > from ssh-add, and nothing but inaction from keychain. > > I know everything has to run as a child of ssh-agent to gain access > to its envvars, but I don't how to achieve this. I used to have in $HOME/.bashrc: | AGENT_INFO_FILE=$HOME/.ssh/ssh-agent-info | if eval `cat "$AGENT_INFO_FILE"` 2> /dev/null && \ | kill -0 $SSH_AGENT_PID 2> /dev/null | then | eval `cut -d'=' -f 1 "$AGENT_INFO_FILE" | xargs echo export` | else | eval `ssh-agent -t 86400` > /dev/null | ( echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"; | echo "SSH_AGENT_PID=$SSH_AGENT_PID" ) > "$AGENT_INFO_FILE" | fi While SSH_AUTH_SOCK is set no agent will be started during X startup as per /etc/X11/Xsession.d/90x11-common_ssh-agent and the previously started one will be used. This way the agent will be started only once per boot and one only needs to ssh-add once for all gettys. HTH, Flo |