
    Managing ssh-agent

    insyte | # 1 | 2009-12-07, 18:03 | Report

    As a sysadmin, one of the most common ways I use my N900 is to manage servers via ssh. Spawning an instance of ssh-agent for each xterm session (and typing in the ssh key's passphrase) quickly became painful. So I wrote a few lines of code that can be dropped into ~/.profile to make sure I can reuse a shared agent between all sessions.

    Code:
    unset SSH_AUTH_SOCK
    unset SSH_AGENT_PID
    
    if [[ -f ~/.ssh-agent ]]
    then
            source ~/.ssh-agent >> /dev/null
    fi
    
    ssh-add -l 2>&1 > /dev/null
    r=$?
    if [[ $r == 2 ]]
    then
            echo No agent.
            pkill ssh-agent
            ssh-agent -t 5400 > ~/.ssh-agent
            source ~/.ssh-agent > /dev/null
    fi
    Full write-up and explanation here:

    http://insyte.squad51.net/archives/2...7T11_55_19.txt

    The Following 8 Users Say Thank You to insyte For This Useful Post:
    DrWilken, eMHa, kwotski, lma, lnagel, npsimons, Rob1n

     
    lnagel | # 2 | 2010-03-15, 20:15 | Report

    Here's a variation of your script (thanks for the original one!):

    * fixed the no connection warning by changing "2>&1" to "2> /dev/null"
    * moved the agent file to ~/.ssh/
    * added a few aliases to manage the keys more easily (list, add, delete)

    Code:
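    # Ignore any inherited agent; the agent file below decides which one is used.
    unset SSH_AUTH_SOCK
    unset SSH_AGENT_PID
    
    agentfile="/home/user/.ssh/agent"
    
    # Load the environment of a previously started agent, if one was recorded.
    if [[ -f "${agentfile}" ]]; then
            source "${agentfile}" > /dev/null
    fi
    
    # ssh-add exits with status 2 when it cannot contact an agent.
    ssh-add -l 2> /dev/null > /dev/null
    r=$?
    if [[ $r == 2 ]]
    then
            pkill ssh-agent
            # Keys added to this agent expire after 900 seconds.
            ssh-agent -t 900 > "${agentfile}"
            source "${agentfile}" > /dev/null
            chmod 600 "${agentfile}"
    fi
    
    unset agentfile
    
    # Shortcuts to list, add and delete the RSA identity.
    alias idlist="ssh-add -l"
    alias idrsa="ssh-add /home/user/.ssh/id_rsa"
    alias idrsadel="ssh-add -d /home/user/.ssh/id_rsa"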


    Last edited by lnagel; 2010-03-15 at 20:27.
    The Following 2 Users Say Thank You to lnagel For This Useful Post:
    npsimons

     
    nyarlathotep | # 3 | 2010-03-15, 21:24 | Report

    I'd suggest starting the ssh-agent before X because otherwise tasks spawned outside a shell don't have access.

    Mac OS X has a very nice ssh-agent setup. ssh-agent itself will be restarted by launchd (inetd) whenever needed, but the ssh-agent itself opens a secure password dialog.

    P.S. You can suppress ssh-add's error message if you put the 2>&1 after the > /dev/null

    The Following 2 Users Say Thank You to nyarlathotep For This Useful Post:
    Rob1n

     
    Rob1n | # 4 | 2010-03-15, 21:42 | Report

    Originally Posted by nyarlathotep:
    I'd suggest starting the ssh-agent before X because otherwise tasks spawned outside a shell don't have access.
    A good thought. I've added /etc/X11/Xsession.d/00ssh-agent containing:
    Code:
    #!/bin/sh
    eval `ssh-agent -s -t 900`
    That seems to do the job of starting the agent along with X, making the environment variables accessible to all launched applications.

    The Following 4 Users Say Thank You to Rob1n For This Useful Post:
    fstern, phedders, sami00sami

     
    ugknite | # 5 | 2010-07-14, 13:27 | Report

    Thanks guys, this is handy.

    Rob1n, what does the 00 in 00ssh-agent signify?


     
    ugknite | # 6 | 2010-07-14, 13:41 | Report

    After adding to Xsession.d/00ssh-agent the agent starts up but the environment variables aren't exported properly.
    Rob1n, did you see the environment variables after starting the device?


     
    stuart34 | # 7 | 2012-11-11, 13:18 | Report

    I run the agent and have the environment variables correctly exported with a /etc/X11/Xsession.d/00ssh-agent containing

    Code:
    eval `ssh-agent -s -t 7d`
    I didn't add #!/bin/sh because this code has to be sourced rather than executed.

    The Following 2 Users Say Thank You to stuart34 For This Useful Post:
    Xagoln
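
The approaches in this thread combined into one ~/.profile function, as an added example that is not code from any of the posters: it keeps an agent inherited from the X session, falls back to the recorded agent file, and only then starts a new agent, creating the file under umask 077 instead of chmod-ing it afterwards. The names reuse_agent, agent_usable, AGENT_ENV, SSH_ADD and SSH_AGENT are assumptions of this example.

```shell
# Added example, not code from the thread. All names defined here
# (reuse_agent, agent_usable, AGENT_ENV, SSH_ADD, SSH_AGENT) are assumptions.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"   # where the agent is recorded
SSH_ADD="${SSH_ADD:-ssh-add}"                    # overridable command names
SSH_AGENT="${SSH_AGENT:-ssh-agent}"

# ssh-add -l exits 0 (keys loaded), 1 (agent reachable, no keys) or
# 2 (no agent could be contacted). Only 0 and 1 mean a usable agent.
agent_usable() {
    _rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -eq 0 ] || [ "$_rc" -eq 1 ]
}

reuse_agent() {
    _ttl="${1:-900}"            # key lifetime passed to ssh-agent -t

    # 1. An agent inherited from the session (e.g. Xsession.d) wins.
    if [ -n "${SSH_AUTH_SOCK:-}" ] && agent_usable; then
        return 0
    fi

    # 2. Otherwise try the agent recorded by an earlier shell.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if agent_usable; then return 0; fi
    fi

    # 3. Nothing reachable: start one agent and record it. The file is
    #    created under umask 077 and renamed into place, so it is never
    #    readable by others and never sourced half-written. Agents that
    #    belong to other sessions are left alone (no pkill).
    (
        umask 077
        mkdir -p "$(dirname "$AGENT_ENV")" &&
        "$SSH_AGENT" -s -t "$_ttl" >"$AGENT_ENV.$$" &&
        mv "$AGENT_ENV.$$" "$AGENT_ENV"
    ) || return 1
    . "$AGENT_ENV" >/dev/null
    agent_usable
}

# In ~/.profile, after the definitions above:  reuse_agent 900
```

Because status 1 (agent running, no keys loaded) counts as usable, an empty agent is reused rather than replaced; only status 2 leads to a new agent.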

     