
Automating ssh-agent/ssh-add

 
Tony Walker_2
Frequent Advisor


Hi Guys,

I'm attempting to set up automatic ssh agency using the good old snail book. At present, I have the user running ksh. The .profile runs
#ssh-agent $SHELL $HOME/.profile2.

$HOME/.profile2 contains a .shrc call and the .shrc performs the ssh-add.

When I log in, I'm prompted to enter my passphrase (ssh-add) but when I do the entire shell seems to close and I'm back to the original login shell. Can anyone point me in the right direction?

Thanks,

Tony
9 REPLIES
Steven E. Protter
Exalted Contributor

Re: Automating ssh-agent/ssh-add

Is the goal password free ssh?

If so, read the doc I'm attaching. If not, I don't understand the goal and you may wish to clarify.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tony Walker_2
Frequent Advisor

Re: Automating ssh-agent/ssh-add

Steven,

Thanks. I have already configured the host based authentication but am now experimenting with enforcing a passphrase for the key generation. To take away the annoyance of typing it in for each ssh operation, I want to start an ssh-agent and add an identity as soon as a user logs in (Chap 6 in the O'Reilly book).

Tony
Ermin Borovac
Honored Contributor

Re: Automating ssh-agent/ssh-add

You can try placing the following commands in $HOME/.profile (insert full paths to ssh-agent and ssh-add).

eval `ssh-agent`
ssh-add
Sridhar Bhaskarla
Honored Contributor

Re: Automating ssh-agent/ssh-add

Tony,

A little trick. Create a script, say 'mysshadd', with the following:

ssh-agent > /home/user/.ssh/ssh-agent.conf
chmod 600 /home/user/.ssh/ssh-agent.conf
. /home/user/.ssh/ssh-agent.conf
ssh-add /home/user/.ssh/id_dsa
echo "Run . /home/user/.ssh/ssh-agent.conf now"


First time, run this script and it will prompt for the passphrase. Once it is done it will be copied into memory. Put the following line in your .profile

. /home/user/.ssh/ssh-agent.conf

Subsequent windows you open will use the ssh-agent started in the first session.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
Tony Walker_2
Frequent Advisor

Re: Automating ssh-agent/ssh-add

Ermin, Sridhar,

I have already got this working fine with the single-shell method but I specifically want to use the sub-shell method as discussed in the book.

Cheers,

Tony
Sridhar Bhaskarla
Honored Contributor

Re: Automating ssh-agent/ssh-add

Tony,

That's not for single shell. You run 'mysshadd' only in the first shell and start up ssh-agent. For the rest of the sessions, you simply 'source in' ssh-agent.conf. It won't ask you for a password because you don't really run 'ssh-add' later. Try it and see if it is not what you wanted.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
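
Added example, not part of the original thread: a variant of the shared ssh-agent.conf approach above that checks whether the saved agent is still reachable before reusing it, and creates the file under umask 077 instead of chmod-ing it afterwards. The function name ensure_agent and the SSH_AGENT_BIN, SSH_ADD_BIN and AGENT_ENV variables are assumptions, as is reliance on OpenSSH's documented "ssh-add -l" exit codes.

```shell
# Added example (not from the thread). Names below are illustrative.
# Set the two *_BIN variables to the full paths on your system.
SSH_AGENT_BIN=${SSH_AGENT_BIN:-ssh-agent}
SSH_ADD_BIN=${SSH_ADD_BIN:-ssh-add}
AGENT_ENV=${AGENT_ENV:-$HOME/.ssh/ssh-agent.conf}

ensure_agent() {
    # Reuse the saved agent environment if there is one. This file is
    # executed by the shell, so it must never be writable by anyone else.
    [ -r "$AGENT_ENV" ] && . "$AGENT_ENV" >/dev/null

    # Assumed OpenSSH exit codes for "ssh-add -l":
    #   0 = agent reachable, keys loaded
    #   1 = agent reachable, no keys loaded
    #   2 = agent not reachable (never started, killed, or host rebooted)
    rc=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -le 2 ] || return "$rc"    # ssh-add itself is missing or broken

    if [ "$rc" -eq 2 ]; then
        # Stale or missing file: start a fresh agent. Remove the old file and
        # create the new one under umask 077 so it is mode 600 from the start.
        rm -f "$AGENT_ENV"
        ( umask 077; "$SSH_AGENT_BIN" -s > "$AGENT_ENV" ) || return 1
        . "$AGENT_ENV" >/dev/null
        rc=1
    fi

    # Prompt for the passphrase only when the agent is empty and a terminal
    # is attached, so non-interactive logins do not hang.
    if [ "$rc" -eq 1 ] && [ -t 0 ]; then
        "$SSH_ADD_BIN" || return 1
    fi
    return 0
}

# In $HOME/.profile, after the definitions above:
#   ensure_agent
```

Because the check runs on every login, a leftover ssh-agent.conf from before a reboot is replaced rather than sourced blindly.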
Ermin Borovac
Honored Contributor

Re: Automating ssh-agent/ssh-add

You can try dropping $HOME/.profile2 from the ssh-agent invocation (also add exec).

Put the following at the end of your $HOME/.profile.

ENV=$HOME/.shrc; export ENV
exec ssh-agent $SHELL

And in your $HOME/.shrc have

ssh-add

On exit from the shell ssh-agent will be terminated.
David_779
New Member

Re: Automating ssh-agent/ssh-add


If you need to use passphrases (or want to), check out "keychain". "keychain" makes the ssh-agent/passphrase stuff pretty convenient.

http://www-106.ibm.com/developerworks/library/l-keyc.html

Then, when you add the following to your ".profile", you'll be asked to enter your passphrase. You won't need to enter your passphrase until the machine is rebooted. (Note: $USERLOCAL should be replaced with whatever directory the keychain stuff is located in.)

$USERLOCAL/keychain-2.4.2.1/keychain id_rsa
host=`uname -n`
[ -f $HOME/.keychain/$host-sh ] && \
. $HOME/.keychain/$host-sh

SPO Distributed Svcs
Occasional Contributor

Re: Automating ssh-agent/ssh-add

This is a snippet of script that I have in my .profile that has worked well for me. I don't know how I came by it, but it has been reliable under ksh on Solaris. You will have to change the paths for all of the binaries to match your version of ssh (HPUX version will install under /opt/... rather than /usr/local/).
I think the reason that your ssh-agent dies is because ssh-agent needs to be run as "eval ssh-agent..." and not just executed.

# Make sure ssh-agent1 and ssh-agent2 die on logout
trap '
test -n "$SSH_AGENT_PID" && eval `/usr/local/bin/ssh-agent -k` ;
test -n "$SSH2_AGENT_PID" && kill $SSH2_AGENT_PID
' 0

# If no agent is running and we have a terminal, run ssh-agent and ssh-add.
# (For SSH2, change this to use SSH2_AUTH_SOCK, ssh-agent2 and ssh-add2.)
if [ "$SSH_AUTH_SOCK" = "" ]
then
    eval `/usr/local/bin/ssh-agent`
    /usr/bin/tty > /dev/null && /usr/local/bin/ssh-add
fi