Talk:HOWTO ssh-agent the easy way
From Gentoo Linux Wiki
I find a nicer way to do this is below, using keychain. Make sure you have keychain emerged.
Putting it in ~/.kde/env/Keychain.sh will ensure that it is started after your login but before the KDE session. The dcop calls will make ssh-agent available to KDE for things such as the fish:// protocol in Konqueror/other apps.
Note that you'll still need to source ~/.keychain/`hostname`-sh in your ~/.bashrc and ~/.bash_profile.
#!/bin/bash
# Exported so that keychain/ssh-add actually see the askpass helper
export SSH_ASKPASS="/usr/bin/x11-ssh-askpass"
# Or the below, if you use the gtk2 variant
#export SSH_ASKPASS="/usr/bin/gtk2-ssh-askpass"
keychain ~/Path/To/MyKey.dsa
source ~/.keychain/`hostname`-sh
dcop klauncher klauncher setLaunchEnv SSH_AUTH_SOCK "$SSH_AUTH_SOCK"
dcop klauncher klauncher setLaunchEnv SSH_AGENT_PID "$SSH_AGENT_PID"
Perhaps somebody who knows the wiki format better than I do can wikify this and add any other comments.
Added by David Cannings
easiest way
Create a .xinitrc file w/ the following:
File: in your .xinitrc:
exec /usr/bin/ssh-agent startkde
Then, run ssh-add from a terminal once you've logged in. That's it.
easier way
I don't actually use Gentoo regularly .. but I just spent a while trying to get ssh-agent working, using your info as a guide.
Somewhere else I actually found this code:
#!/bin/csh
# -c makes ssh-agent print csh syntax even when $SHELL is not a csh
eval `/usr/bin/ssh-agent -c`
dcop klauncher klauncher setLaunchEnv SSH_AGENT_PID "$SSH_AGENT_PID"
dcop klauncher klauncher setLaunchEnv SSH_AUTH_SOCK "$SSH_AUTH_SOCK"
to put into a script in ~/kde/Autostart/
and this does the job for me, and seems reasonably cross-platform and easy to set up.
Anyway, my 2c.
-David
cub1cle.com
pam_ssh and $YOUR_LOGIN_MANAGER
Benefit: Single Sign on
(ssh-agent is started in the background, works for the whole X environment)
pam_agent will decrypt your ssh key with the password provided by
$YOUR_LOGIN_MANAGER (kdm, gdm, xdm); this also logs you into your Desktop Environment
Needed changes:
Code:
emerge -av pam_ssh
2 new lines in /etc/pam.d/system-auth, see below.

/etc/pam.d/system-auth

Code:
auth required pam_env.so
auth sufficient /lib/security/pam_ssh.so #new
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so difok="2" minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session sufficient /lib/security/pam_ssh.so #new
session required pam_unix.so
The two lines marked with #new at the end are the only needed changes on my default system-auth file.
1. Back up /etc/pam.d/system-auth
2. Stay logged in as root on at least one console (X or text doesn't matter),
change the file and then log in on another console as root to see if it works (don't log out on the first).
There's a chance that you can't log in with root if the file is screwed.
- Metalfan 07:18, 14 June 2007 (UTC)
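The edit described in the post above, as an added shell example that is not part of the original post: it backs the file up first, inserts the two pam_ssh lines, and leaves the file untouched if the result is not what was expected. The function names, the `.orig` backup suffix and the sample file are assumptions made for this illustration; try it on a scratch copy and keep the root console open as the post advises.

```shell
#!/bin/sh
# Added example: insert the two "#new" pam_ssh lines into a PAM stack file.
# add_pam_ssh, make_sample and the .orig suffix are hypothetical names.

PAM_SSH_MODULE="/lib/security/pam_ssh.so"   # module path as used in the post

add_pam_ssh() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Idempotent: do nothing if pam_ssh is already referenced.
    if grep -q 'pam_ssh\.so' "$file"; then return 0; fi
    # Step 1 of the post: back up first (never overwrite an older backup).
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Put a 'sufficient' pam_ssh line directly before the first pam_unix.so
    # line of the auth stack and of the session stack.
    awk -v mod="$PAM_SSH_MODULE" '
        $1 == "auth"    && /pam_unix\.so/ && !a { print "auth sufficient " mod;    a = 1 }
        $1 == "session" && /pam_unix\.so/ && !s { print "session sufficient " mod; s = 1 }
        { print }
    ' "$file" > "$tmp"
    # Refuse to install the result unless exactly two lines were added.
    if [ "$(grep -c 'pam_ssh\.so' "$tmp")" -ne 2 ]; then
        rm -f "$tmp"
        echo "unexpected layout, $file left unchanged" >&2
        return 1
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"   # keeps owner and mode of $file
}

# Constructed sample: the post's system-auth without the two new lines.
make_sample() {
    cat > "$1" <<'EOF'
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so difok="2" minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
EOF
}
# Scratch run: d=$(mktemp -d); make_sample "$d/system-auth"; add_pam_ssh "$d/system-auth"
```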
Gnome
Is there a way to do this under GNOME? --Huwawa 21:06, 27 July 2007 (UTC)
