Day 2 of 60: SSH agent authentication

I've just configured the desktop to prompt me for my SSH credentials once, instead of on every connection, using ssh-agent and an X11 SSH password requestor.

This is bread-and-butter stuff that should be easy, made a little more complex by documentation not being accessible on the Sun site. Since I couldn't find the correct incantation through Google, I'm documenting it here.



First, obtain an X11 ssh passphrase requestor. x11-ssh-askpass works fine.

Now add the following lines to the bottom of $HOME/.dtprofile.

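# Passphrase prompt program used by ssh-add when there is no terminal
SSH_ASKPASS=/path/to/x11-ssh-askpass
export SSH_ASKPASS

# Start an agent only if this session does not already have one
if [ "$SSH_AUTH_SOCK" = "" -a -x /usr/bin/ssh-agent ]; then
    eval `/usr/bin/ssh-agent -s`
fi

# Load the default key; run ssh-add directly, not in backticks, so its
# output is never executed as a command
if [ "$SSH_AGENT_PID" != "" -a -x /usr/bin/ssh-add ]; then
    /usr/bin/ssh-add
fi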


The important bit is the "-s" argument to ssh-agent. Without it I found that it was emitting csh-style settings instead of Bourne shell-style settings.

Log out, log back in again, and you should be prompted for the passphrase for your ssh key. Every ssh connection from then on should authenticate automatically.
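
The "-s" point above, as an added example that is not part of the original post: it tells the two ssh-agent output styles apart and, going a step beyond the post, reads the two variables from either style without eval, rejecting anything that is not a plain socket path and numeric PID. The function names (agent_output_style, agent_field, load_agent_env) are hypothetical and the sample output is constructed.

```sh
# Constructed samples of ssh-agent output (socket path and PID are made up).
SAMPLE_SH='SSH_AUTH_SOCK=/tmp/ssh-XXabc123/agent.4021; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4022; export SSH_AGENT_PID;
echo Agent pid 4022;'
SAMPLE_CSH='setenv SSH_AUTH_SOCK /tmp/ssh-XXabc123/agent.4021;
setenv SSH_AGENT_PID 4022;
echo Agent pid 4022;'

# agent_output_style TEXT: print "sh", "csh" or "unknown" for the given output.
agent_output_style() {
    case $1 in
        SSH_AUTH_SOCK=*)          echo sh ;;
        setenv\ SSH_AUTH_SOCK\ *) echo csh ;;
        *)                        echo unknown ;;
    esac
}

# agent_field NAME TEXT: print NAME's value from either output style.
agent_field() {
    printf '%s\n' "$2" | sed -n \
        -e "s/^$1=\([^;]*\);.*/\1/p" \
        -e "s/^setenv $1 \([^;]*\);.*/\1/p" | sed 1q
}

# load_agent_env TEXT: export the two agent variables without eval.
# Returns 1 and changes nothing unless the socket is an absolute path made of
# plain path characters and the PID is all digits.
load_agent_env() {
    _sock=$(agent_field SSH_AUTH_SOCK "$1")
    _pid=$(agent_field SSH_AGENT_PID "$1")
    case $_sock in /*) ;; *) return 1 ;; esac
    case $_sock in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    case $_pid in ''|*[!0-9]*) return 1 ;; esac
    SSH_AUTH_SOCK=$_sock
    SSH_AGENT_PID=$_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Demo on the constructed csh-style sample (what the post saw without -s).
echo "style: $(agent_output_style "$SAMPLE_CSH")"
load_agent_env "$SAMPLE_CSH" && echo "socket: $SSH_AUTH_SOCK pid: $SSH_AGENT_PID"
```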

1 comment:

  1. Well, I prefer to set it up in a global way, so that users may just call ssh-add [options] to add the credentials they want:

    --- /usr/dt/bin/Xsession.orig Thu Feb 23 14:18:36 2006
    +++ /usr/dt/bin/Xsession Wed Aug 23 14:05:06 2006
    @@ -714,6 +714,13 @@
    fi

    export DT=true;
    + sshagent="`which ssh-agent`"
    + if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then
    + startup="$sshagent -- $startup"
    + elif [ -z "$sshagent" ] ; then
    + Log "$0: ssh-agent not found!"
    + fi
    +
    case ${SHELL##*/} in

    csh ) $dtstart_shell -c "unsetenv _ PWD; \
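
Review bot: the `elif [ -z "$sshagent" ]` branch only logs when `which` prints nothing, so a non-empty result that is not an executable path (some `which` implementations write a "no ssh-agent in ..." message to stdout) fails the `-x` test, skips the `elif`, and the session starts with no agent and no log line. Test `[ -x "$sshagent" ]` on its own and log from a plain `else`, with the `[ -z "$SSH_AUTH_SOCK" ]` check nested inside the success branch so an already-running agent is not reported as missing.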
