Simple ssh-agent config

I've been looking for a simple and robust way of getting ssh keys to work with an agent. It seemed like the existing methods detailed on the wiki were all some combination of not simple and not robust. After RTFMing I came up with a method that works for me. Maybe it's kind of trivial but I haven't seen it described anywhere else and I suspect others might find it useful to have the approach spelled out. I've added my notes to the wiki here and here.
The current post is basically just an FYI but if you see any glaring problems/shortfalls with the new subsections you should feel invited to volunteer your feedback.

You still have two agents, one for gpg and one for ssh.  But keychain just starts them and then allows you to use just one instance of each whenever you open a subsequent shell.  It can be told to do just one or the other very easily.
From the keychain man page:
This snippet should work in any shell to load two ssh keys and one gpg key:
           eval `keychain --eval id_rsa id_dsa 0123ABCD`
I use the somewhat more "complex" form without using eval:
my ~/.zprofile:
           /usr/bin/keychain --agents ssh,gpg -Q -q --nogui
           [ -z "$HOSTNAME" ] && HOSTNAME=$(uname -n)
           [ -f $HOME/.keychain/${HOSTNAME}-sh ] && source $HOME/.keychain/${HOSTNAME}-sh
           [ -f $HOME/.keychain/${HOSTNAME}-sh-gpg ] && source $HOME/.keychain/${HOSTNAME}-sh-gpg
Not sure how this would lead to frustrations…

Similar Messages

  • Updating the system has broken ssh-agent

    Hi everyone, I recently encountered a strange problem with ssh-agent. For a very long time I started it with a simple
    ssh-agent
    and everything was fine - I could add a key from a different console and everything was immediately visible in all the applications that needed SSH key authentication. However, after the last updates I noticed that simple ssh-agent no longer works - the environment variables are not exported to the system. I know I can use eval `ssh-agent`, but:
    - Once I close the console, I cannot use the ssh-agent process anymore.
    - The agent is not visible from a different console.
    - The agent is not visible from NetBeans or something similar.
    I noticed the problem for the first time in December, after switching to Arch x86_64, but I managed to get the old call working somehow. Unfortunately, I have no idea, how I did that . Now I've updated Arch x86 both on laptop and on a desktop and the problem appeared again on both of them. I found several resources about ssh-agent via Google, but nothing concerns my problem directly. Has anyone encountered a similar problem, too and knows, what is wrong with the new Arch SSH packages or how to fix it? I would appreciate any help, because SSH is critical for me and now it doesn't work correctly on any of my computers.

    I'm not sure how to directly answer your question, but here's the portion of my .bashrc I use to start the ssh agent on login. Hope it helps! I'm also running x86_64.
    SSH_ENV="$HOME/.ssh/environment"

    # Start a new agent, save its environment to $SSH_ENV and load the default keys
    function start_agent {
        echo "Initialising new SSH agent..."
        /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
        echo succeeded
        chmod 600 "${SSH_ENV}"
        . "${SSH_ENV}" > /dev/null
        /usr/bin/ssh-add;
    }

    # Source SSH settings, if applicable
    if [ -f "${SSH_ENV}" ]; then
        . "${SSH_ENV}" > /dev/null
        # Start a new agent if the saved PID no longer belongs to an ssh-agent
        ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
            start_agent;
        }
    else
        start_agent;
    fi
    Good luck!
    Scott

  • Starting ssh-agent on login

    ssh-agent is a blessing for convenient yet secure remote access, but the standard tool to start it up on login is in my opinion overly complicated. Keychain is a script in more than 1500 lines of code for doing essentially what I do in 8 lines. It does of course have tons more features, but I don't see any reason for all of that. Here's my /etc/profile.d/ssh-agent.sh, I hope somebody finds it useful:
    # If the directory ~/.ssh/agent exists, ssh-agent is started automagically.
    # The script first checks whether $HOSTNAME-sh already contains information
    # about a running ssh-agent process, in which case nothing further is done.
    # When necessary, which should only be once per reboot, ssh-agent is started
    # and the two important variables are defined in $HOSTNAME-sh for use by
    # future login sessions.
    # Tip: Put '. /etc/profile' in your ~/.xinitrc and ~/.xsession
    # This is a good idea not only because of this script.
    if [ -d $HOME/.ssh/agent ]; then
        [ -f $HOME/.ssh/agent/$HOSTNAME-sh ] && . $HOME/.ssh/agent/$HOSTNAME-sh
        if ! [ -S "$SSH_AUTH_SOCK" ]; then
            eval `/usr/bin/ssh-agent` > /dev/null
            echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > $HOME/.ssh/agent/$HOSTNAME-sh
            echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >> $HOME/.ssh/agent/$HOSTNAME-sh
        fi
    fi
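
An added example, not code from either poster: the two startup scripts on this page decide whether a saved agent is still usable with `ps | grep` or a `-S` test, and both source the saved file. This sketch parses only the two expected variables and asks the agent itself through `ssh-add -l`, whose exit status 2 means the agent could not be contacted. The function names and the `~/.ssh/agent-env` default path are assumptions.

```shell
#!/bin/sh
# Added example: reuse a saved ssh-agent only after validating it.
# Function names and the default file path are assumptions, not from the page.

# Parse (never source) a saved agent file. Accepts both formats seen on this
# page: raw `ssh-agent -s` output and "export VAR=value" lines.
read_agent_env() {
    _file=$1 _sock= _pid=
    # The file must exist and be owned by us (-O: bash, dash and ksh builtins).
    { [ -f "$_file" ] && [ -O "$_file" ]; } || return 1
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line#export }
        case $_line in
            SSH_AUTH_SOCK=*) _v=${_line#SSH_AUTH_SOCK=}; _sock=${_v%%;*} ;;
            SSH_AGENT_PID=*) _v=${_line#SSH_AGENT_PID=}; _pid=${_v%%;*} ;;
        esac    # any other line is ignored, never executed
    done < "$_file"
    case $_sock in /*) ;; *) return 1 ;; esac          # absolute path only
    case $_pid in ''|*[!0-9]*) return 1 ;; esac        # digits only
    SSH_AUTH_SOCK=$_sock SSH_AGENT_PID=$_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Succeeds only if the socket exists, is ours, and an agent answers on it.
# ssh-add -l exits 0 (keys listed), 1 (no keys) or 2 (cannot contact agent),
# so a stale socket or a recycled PID cannot pass this check.
agent_usable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    { [ -S "$SSH_AUTH_SOCK" ] && [ -O "$SSH_AUTH_SOCK" ]; } || return 1
    ssh-add -l >/dev/null 2>&1 || [ $? -ne 2 ]
}

# Reuse the saved agent when it is usable, otherwise start exactly one new
# agent and save its variables in a file created with mode 0600.
ensure_agent() {
    _envfile=${1:-$HOME/.ssh/agent-env}
    if read_agent_env "$_envfile" && agent_usable; then
        return 0
    fi
    rm -f "$_envfile"
    ( umask 077; ssh-agent -s | grep -v '^echo' > "$_envfile" ) || return 1
    read_agent_env "$_envfile" && agent_usable
}

# Typical use from ~/.profile:  ensure_agent && ssh-add -l
```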

    quote: Originally posted by BRETT GASTON ([email protected]):
    After countless hours, I can get the command ./lsnrctl dbsnmp_start to start the Intelligent Agent. However, if I execute the command ./dbsnmp & the Intelligent Agent will start and I can then use dbsnmp_status and dbsnmp_stop as normal. I have tried relinking, reinstalling, deleting log and config files to no avail. Has anyone else had this problem?
    Brett
    to start intelligent agents manually
    $ lsnrctl
    lsnrctl> help
    dbsnmp_stop
    dbsnmp_start
    dbsnmp_statusd
    lsnrctl>dbsnmp_start
    lsnrctl>exit
    or .........
    lsnrctl dbsnmp_start # to start
    lsnrctl dbsnmp_stop # to stop
    lsnrctl dbsnmp_status # to view status
    good luck

  • SSH Agent in GNOME Doesn't Work

    Hey There,
    I'm using GNOME for my personal desktop needs. I have to connect to several remote servers (or PCs) in a shell and I don't want to re-enter my passwords in the same session. This is my problem:
    [14:28] (tunix@penguix ~)$ ps aux |grep ssh
    root      6264  0.0  0.0   3756   816 ?        Ss   09:03   0:00 /usr/sbin/sshd
    tunix     6457  0.0  0.0   3400   508 ?        Ss   09:05   0:00 /usr/bin/ssh-agent -- /usr/bin/gnome-session
    tunix    19141  0.0  0.0   3428   784 pts/2    R+   14:28   0:00 grep ssh
    [14:28] (tunix@penguix ~)$ ssh tunix@kulupler
    Enter passphrase for key '/home/tunix/.ssh/id_rsa':
    Last login: Sat Sep 29 14:22:37 2007 from 85.97.128.179
    [14:26] (tunix@kulupler ~)$ logout
    Connection to kulupler closed.
    [14:28] (tunix@penguix ~)$ ssh tunix@kulupler
    Enter passphrase for key '/home/tunix/.ssh/id_rsa':
    [14:28] (tunix@penguix ~)$
    So SSH Agent doesn't cache or save the passwords I enter. So I have to enter the password each time. (Maybe this is happening because of the same reason why Seahorse isn't working on my system.. :S)
    Thanks for any replies..

    Did you run ssh-add to tell ssh-agent which key to use ?  If not, ssh-agent will not know anything about any keys/pass phrases you enter into specific ssh sessions.
    There's a pretty good tutorial here, with all the basic steps :
    http://mah.everybody.org/docs/ssh
    WRT seahorse...
    Is seahorse-daemon running ?  I haven't used seahorse, so I only have the following as a reference :
    http://live.gnome.org/Seahorse/SSHAgent

  • [SOLVED] ssh-agent support removed from kde-agent

    Hi all,
    Since its upgrade yesterday, kde-agent does not support ssh-agent anymore (see here). I consequently can't store unlocked SSH keys anymore, because ssh-add from a konsole can't connect to ssh-agent.
    The update note above mentions that the SSH agent has not been needed by KDE for years. What's the recommended way to start it now?
    Thanks a lot !
    Aurélien.
    Last edited by aurelieng (2014-01-03 08:39:49)

    I have been using ssh-agent with KDE on a daily basis for years and AFAIK, there is no better or more convenient way of keeping your private keys available. So in my opinion, the removal of ssh-agent, a tiny daemon that doesn't do any harm yet serves its purpose very well, was a bad idea.
    I found a solution that does not run multiple ssh-agent daemons, even if KDE crashes. The solution is based on the fact that ssh-agent can be used as a wrapper around a session startup script or program. Unfortunately, my solution is very intrusive and will disappear on each KDE update. It works as follows:
    # cd /usr/bin
    # mv startkde startkde-inner
    # cat > startkde <<- HERE
    #!/bin/sh
    exec /usr/bin/ssh-agent /usr/bin/startkde-inner
    HERE
    # chmod +x startkde
    Now the ssh-agent will be started on each KDE session and there will always be only one ssh-agent per KDE session. Comments in the startkde script suggest starting ssh-agent later in the process and then killing it on logout. However, such a solution is inherently unreliable, because it will not kill your ssh-agent when the X-server or KDE crashes. The same problem applies to starting ssh-agent from profile scripts. The wrapper method resolves the issue in a quite reasonable way.
    Last edited by andrej.podzimek (2014-01-08 13:27:25)

  • How to get Leopard ssh agent to work if you previously used "SSH Agent" App

    Hi Everyone,
    I had previously been using the *SSH Agent* application from http://www.phil.uu.nl/~xges/ssh/ and wanted to get rid of it and use the built-in support for ssh-agent in Leopard.
    However, it didn't work. Doing "env | grep SSH" it would show /tmp/501/nl.uu.phil.SSHAgent.socket and ssh'ing from a terminal window would request your passphrase every time. Executing ssh-agent would say "no agent is running." Even deleting the *SSH Agent* app and rebooting, it would still have this phil socket.
    The solution is to use terminal, go to your home directory, cd to .MacOSX and look and see if there's an environment.plist file. In there will be some XML to set this persistent string for SSH_AUTH_SOCK. You need to take that out. If there's other stuff in the file, like a CVSHOME entry, hand-edit the XML to take out the SSH_AUTH_SOCK entry. (How to do that is beyond the scope of this post.) If the only thing is that entry, just delete the environment.plist file.
    Afterwards, reboot, or maybe just log out and log back in, open a terminal window, and you should be able to ssh out and the system will start ssh-agent behind your back and find your .ssh/id_dsa file or whatever.
    Karl

    The man page for ssh-agent provides the following documentation:
    -a bind_address
    Bind the agent to the unix-domain socket bind_address. The
    default is /tmp/ssh-XXXXXXXXXX/agent.<ppid>.
    The system ssh-agent's startup arguments are in /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist so you could add something like the following to the array that defines the ProgramArguments:
    <string>-a</string>
    <string>/whatever/the/path/is/that/you/want/to/have</string>
    Note that since these mods are being done in /System, they could be wiped out by any system update. You could try making a copy of the file and putting the copy in /Library/LaunchAgents; perhaps files in that directory take precedence over files in /System. Certainly, stuff in /Library shouldn't be wiped out by a system update, though.

  • Strange ssh-agent option

    When I run "ps -e|grep ssh" I can see that /usr/bin/ssh-agent is running with a -l option. This is consistent with /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist which also shows a -l option. However, the man page for ssh-agent makes no mention of a -l option and it does not appear in the output of "strings /usr/bin/ssh-agent".
    So what is this mysterious option?

    I downloaded and inspected the source code from your link:
    http://www.opensource.apple.com/
    Here is the source entry (ssh-agent.c):
    #ifdef __APPLE_LAUNCHD__
    if (l_flag) {
        launch_data_t resp, msg, tmp;
        size_t listeners_i;

        /* Check in with launchd to receive the sockets it opened for this job */
        msg = launch_data_new_string(LAUNCH_KEY_CHECKIN);
        resp = launch_msg(msg);
        if (NULL == resp) {
            perror("launch_msg");
            exit(1);
        }
        launch_data_free(msg);
        switch (launch_data_get_type(resp)) {
        case LAUNCH_DATA_ERRNO:
            errno = launch_data_get_errno(resp);
            perror("launch_msg response");
            exit(1);
        case LAUNCH_DATA_DICTIONARY:
            break;
        default:
            fprintf(stderr, "launch_msg unknown response");
            exit(1);
        }
        tmp = launch_data_dict_lookup(resp, LAUNCH_JOBKEY_SOCKETS);
        if (NULL == tmp) {
            fprintf(stderr, "no sockets\n");
            exit(1);
        }
        tmp = launch_data_dict_lookup(tmp, "Listeners");
        if (NULL == tmp) {
            fprintf(stderr, "no known listeners\n");
            exit(1);
        }
        /* Register every listener descriptor as an agent socket */
        for (listeners_i = 0; listeners_i < launch_data_array_get_count(tmp); listeners_i++) {
            launch_data_t obj_at_ind = launch_data_array_get_index(tmp, listeners_i);
            new_socket(AUTH_SOCKET, launch_data_get_fd(obj_at_ind));
        }
        launch_data_free(resp);
    } else {
    #endif
    Appears to be a subroutine designed to generate program data, error and/or debug
    messages (if needed) whenever ssh-agent is launched automatically from launchd.
    That would explain why it is an Apple only option, since no one else uses launchd.
    Kj
    note: if you feel my investigation is in error, feel free to dig through the
    source code yourself.

  • Disable ssh-agent on boot

    hello, I'd like to know how to disable ssh agent since I don't use it. It's a kde dependency so it cannot be removed. So is there a way to make it not start on boot?

    pacman -Qli kde-agent
    Name : kde-agent
    Version : 20090801-2
    URL : http://www.kde.org
    Licenses : GPL LGPL FDL
    Groups : None
    Provides : None
    Depends On : pinentry openssh qt
    Optional Deps : None
    Required By : kdepim-libkdepim kdeutils-kgpg
    Conflicts With : None
    Replaces : None
    Installed Size : 8.00 K
    Packager : Tobias Powalowski <[email protected]>
    Architecture : i686
    Build Date : Sat 01 Aug 2009 09:49:35 AM EDT
    Install Date : Mon 14 Mar 2011 11:10:48 PM EDT
    Install Reason : Installed as a dependency for another package
    Install Script : No
    Description : Startup and shutdown scripts for gpg-agent and ssh-agent in KDE
    kde-agent /etc/
    kde-agent /etc/kde/
    kde-agent /etc/kde/env/
    kde-agent /etc/kde/env/agent-startup.sh
    kde-agent /etc/kde/shutdown/
    kde-agent /etc/kde/shutdown/agent-shutdown.sh
    You may be able to change some setting in /etc/kde/env/agent-startup.sh .

  • Ssh-agent need to start for every terminal since Yosemite

    Hi
    Since I have upgraded to Yosemite I have to manually start the ssh-agent on every new terminal/bash window/tab.
    I know I could manually start the agent in bash_profile but trying to work out what may be causing the problem...?
    Steps:
    Load terminal
    ssh-add -list
    - Could not open a connection to your authentication agent.
    ssh-add ~/.ssh/myPrivateKey
    - Could not open a connection to your authentication agent.
    ssh-agent -s
    ssh-add ~/.ssh/myPrivateKey
    ssh-add -list
    - success
    Load a new tab - rinse and repeat...
    Mac Book Pro Mid 2010
    Yosemite 10.10
    Bash 4.3.30
    Thanks! 

    Bash 4.3.30
    That's not the system bash.

  • Ssh-agent?

    Hey Guys,
    I notice I have ssh-agent running.  I did not install it or start it.
    Does it come with arch's openssh package?

    scrawler wrote:
    Hey Guys,
    I notice I have ssh-agent running.  I did not install it or start it.
    Does it come with arch's openssh package?
    Yes it comes with it. Many DEs like Gnome, KDE, XFCE4 are starting it automatically, so that the agent can wrap your whole desktop environment
    and any key you have exported is accessible from anywhere (except chroots, for sure)
    This is a feature, not a security hole cuz it doesn't hurt as long as you don't export keys and let your box running where anyone can work on your desktop.
    -neri

  • Disable Kde ssh-agent

    hello. Is there a way  not to load or remove ssh agent while using KDE SC? I do not need ssh and I'd like it disabled for security reasons.

    anyone?

  • KDE4.1 ssh-agent and gpg-agent

    Suddenly after an update of kdeworkspace my ssh-agent and gpg-agent have stopped working. Does anyone else have also this problem?
    Regards,

    I've also had this problem, although I don't know the exact time it stopped working as I have not had to use my laptop to ssh for a while.
    Everything seems to get created OK - the socket is created:
    [daren@daren_laptop env]$ ll /tmp/gpg-MZi0kX/
    total 0
    srwxr-xr-x 1 daren daren 0 2009-01-18 10:06 S.gpg-agent
    and the env variable points to it:
    [daren@daren_laptop env]$ env | grep GPG
    GPG_AGENT_INFO=/tmp/gpg-MZi0kX/S.gpg-agent:4508:1
    and the agent is running on the correct pid:
    [daren@daren_laptop env]$ ps axf | grep gpg-agent
    4508 ? Ss 0:00 gpg-agent --daemon
    4902 pts/0 R+ 0:00 \_ grep gpg-agent
    If I run ssh-add from the command line, I get this:
    [daren@daren_laptop env]$ ssh-add
    Could not open a connection to your authentication agent.
    [daren@daren_laptop env]$
    I'm not that clued up on using the agent - it's always "just worked" after adding the script to ~/.kde4/env, but I'm kind of stuck now.  There was another post about issues with KDE 4.1 and the agents, but they resolved theirs by doing what I've had setup for a while now.

  • Core dump with simple sub-agent - Any idea

    Hi,
    I'm using SEA 1.03 on Solaris 7 with patch 107709-11.
    I'm trying to build a simple sub-agent with a different enterprises MIB id (1.3.6.1.4.1.4315.20.1-2 as Integer).
    I'm compiling it with Sun Workshop 5.0 C compiler.
    When running in debug it starts and writes out:
    SUBTREES: 1.3.6.1.4.1.4315.20.1 xpstestd 8000
    1.3.6.1.4.1.4315.20.2 xpstestd 8000
    When running the first SNMP GET request for OID
    1.3.6.1.4.1.4315.20.1 creates the following:
    Waiting for incoming SNMP requests on UDP port 8000
    << received 44 bytes from localhost.34132
    PACKET:
    30 2A 02 01 00 04 06 70 75 62 6C 69 63 A0 1D 02
    03 06 87 00 02 01 00 02 01 00 30 10 30 0E 06 0A
    2B 06 01 04 01 A1 5B 14 01 00 05 00
    PDU:
    version: 0
    community: public
    type: GET_REQ_MSG (0xa0)
    request id: 427776
    error status: noError(0)
    error index: 0
    name: 1.3.6.1.4.1.4315.20.1.0
    type: NULL (0x5)
    length: 0
    value: ( )
    node_find() returned xpsId with suffix 0
    !! get(): processing the variable xpsId
    Segmentation Fault (core dumped)
    ==============================
    Any idea what is wrong?

    That's a problem with Solstice... all I did to fix that problem was to install the patch...
    Find and install the latest patch (I used 108870-04).
    Hope it helps.

  • [SOLVED] ssh-passphrase not recognized by ssh-agent

    After an upgrade yesterday, I cannot enter my system anymore. It boots with some (rapidly passing) error messages (related to AF_UNIX) and shows me the login prompt. But fontsize isn't the one I had before, and customized keymappings of my keyboard are missing. Thus my configurations for the console have not been read.
    Then I can successfully enter my login and password - but not the ssh-passphrase asked for by ssh-agent. I typed it many times, it must be correct, but is not recognized anymore. So at this point I'm stuck. I rebooted and tried fallback Arch - with the same result.
    Then I chose the grub> shell during boot, and tab gave me a list of available commands. But I don't know what to do now.
    So my question is:
    how can I enter my system besides the ssh-passphrase problem? And if I managed to get into the system again - what might be the cause of this problem?
    EDIT:
    Ok, I tried to enter my pass-phrase as if I had an US keyboard (I have a German keyboard) and that worked. Now I can enter my system again, so I close this question. Maybe I will open another question soon, related to the root-cause of the problem (why my configuration isn't loaded on startup).
    Last edited by 4on6 (2012-11-29 11:35:01)


  • [SOLVED]ssh key persists across logins - xfce/ssh-agent/pgp-agent

    Hi,
    I am a new Arch user. I must say, that I am very happy with my installation so far. Thanks for providing a sensible Linux distribution.
    I am coming from Ubuntu 12.04 LTS with xfce as desktop. Ubuntu 12.04 has xfce 4.8.2. Now I am running lightdm and xfce 4.10 which I consider a very useful desktop environment. Now, there is one bug I ran into and I didn't see it documented anywhere :
    After logging out or even rebooting, my ssh-key was still cached/stored by gpg-agent.
    Now, well. Can't be that hard, can it?
    % ssh-add -D
    SSH_AGENT_FAILURE
    Failed to remove all identities.
    Great! Now that really bugged me: I am unable to remove my ssh-key, even across reboots!
    It took me a while to realize, that gpg-agent is now capable of handling ssh-keys.
    I was unable to find any startup configuration for gpg-agent in /etc/profile[.d], systemd, .xinitrc, ...
    Disabling xfce-session gpg-agent autostart
    After even more searching, I found xfce to be the culprit:
    http://docs.xfce.org/xfce/xfce4-session/advanced
    Apparently xfce4-session starts gpg-agent
    To disable it:
    % xfconf-query -c xfce4-session -p /startup/ssh-agent/enabled -n -t bool -s false
    Kind'a obvious, right?
    Key recovery
    To get rid of the ssh-key dangling around unencrypted (?) on your harddisk, have a look at
    $HOME/.gnupg/private-keys-v1.d
    Looks like gpg-agent is storing ssh keys here. I simply deleted the directory.
    BE CAREFUL: I don't know if the directory is only used for cached ssh keys. You might have other valid keys you don't want to delete there. Maybe someone else can shed some light on this.
    Now I have my good old ssh-agent back, started automatically as described in the wiki
    https://wiki.archlinux.org/index.php/SSH_Keys#ssh-agent
    Last edited by georgnix (2014-03-06 12:13:56)
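
Added example, not part of the original post: gpg-agent lists the keys it serves over the ssh-agent protocol in `sshcontrol` (one 40-hex-digit keygrip per line, a leading `!` disables the entry), and each keygrip corresponds to `private-keys-v1.d/<keygrip>.key`. The script separates those files from the other private keys in that directory, which in GnuPG 2.1 and later include OpenPGP secret keys. The function names are hypothetical, and it assumes the classic `sshcontrol` mechanism.

```shell
#!/bin/sh
# Added example: find which files in private-keys-v1.d belong to SSH keys
# managed by gpg-agent, instead of deleting the whole directory.
# Function names are hypothetical; the sshcontrol format is the one described
# in the gpg-agent manual (keygrip, optional TTL, optional flags).

# list_gpg_ssh_keys [GNUPGHOME]
# Prints one line per sshcontrol entry: "<enabled|disabled> <keygrip> <file|->"
list_gpg_ssh_keys() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    ctl=$home/sshcontrol
    [ -f "$ctl" ] || return 0
    while read -r grip rest || [ -n "$grip" ]; do
        case $grip in ''|'#'*) continue ;; esac          # blank or comment
        state=enabled
        case $grip in '!'*) state=disabled; grip=${grip#\!} ;; esac
        case $grip in *[!0-9A-Fa-f]*) continue ;; esac   # not hex: skip
        [ ${#grip} -eq 40 ] || continue                  # keygrip = 40 digits
        key=$home/private-keys-v1.d/$grip.key
        [ -f "$key" ] || key=-
        printf '%s %s %s\n' "$state" "$grip" "$key"
    done < "$ctl"
}

# non_ssh_private_keys [GNUPGHOME]
# Prints key files that are NOT referenced by sshcontrol, i.e. the ones a
# blanket delete of private-keys-v1.d would destroy along with the SSH keys.
non_ssh_private_keys() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    grips=$(list_gpg_ssh_keys "$home" | awk '{print $2}')
    for f in "$home"/private-keys-v1.d/*.key; do
        [ -f "$f" ] || continue
        g=$(basename "$f" .key)
        case " $(echo $grips) " in
            *" $g "*) ;;                                 # SSH key, skip
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Typical use:  list_gpg_ssh_keys; non_ssh_private_keys
```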

    Thanks for reminding
    Btw, my problem/issue with gpg2's (inexistent, yet there-in-the-man-pages) "--with-keygrip" option still persists - though I am not sure if this is the place to mention about it.
