Hi ALUG,
I'm trying to get ssh-agent to work properly so that I can have passwordless ssh.
I've got my public key in the authorized_keys files on the relevant remote machines, and I can log in to them by just unlocking my key OK.
The bit that I'm stuck with is starting ssh-agent properly. If I run urxvt, for example, under ssh-agent:
$ ssh-agent urxvt
I can't then run ssh-add, it says "Could not open a connection to your authentication agent." Although ps reports that the ssh-agent is running.
The next thing I can't do is get ssh-agent to start my Fluxbox session. In /etc/X11/Xsession.options I have "use-ssh-agent" (which I think is a default anyway). But I don't have any ssh-agent process running, and ssh-add reports the same error as above for a shell running under Fluxbox.
(My /etc/X11/Xsession.options also has "use-session-dbus" and it seems that dbus works OK; I have a process called /usr/bin/dbus-launch --exit-with-session /usr/bin/startfluxbox. That's not exactly related, but I guess it's kind of similar.)
Any ideas why this isn't working?
Cheers, Richard
Richard Lewis richardlewis@fastmail.co.uk wrote: [...]
> The bit that I'm stuck with is starting ssh-agent properly. If I run urxvt, for example, under ssh-agent:
> $ ssh-agent urxvt
> I can't then run ssh-add, it says "Could not open a connection to your authentication agent." Although ps reports that the ssh-agent is running.
[...]
> Any ideas why this isn't working?
Can you eval $(ssh-agent -s) and use it that way instead? I have that eval in my Xsession script. I don't remember why I don't use the subprocess method.
I've seen some muttering about the Gnome keyring tool (on planet.debian.org I think) and it's never worked right for me. It also seemed to interfere with ssh-agent. Is it running?
Hope that helps,
At Thu, 24 Sep 2009 15:26:16 +0100 (BST), MJ Ray wrote:
> Richard Lewis richardlewis@fastmail.co.uk wrote: [...]
> > The bit that I'm stuck with is starting ssh-agent properly. If I run urxvt, for example, under ssh-agent:
> > $ ssh-agent urxvt
> > I can't then run ssh-add, it says "Could not open a connection to your authentication agent." Although ps reports that the ssh-agent is running.
> [...]
> > Any ideas why this isn't working?
> Can you eval $(ssh-agent -s) and use it that way instead? I have that eval in my Xsession script. I don't remember why I don't use the subprocess method.
Ah OK. Yes, having resolved the first problem (in my reply to myself) I can do this now.
> I've seen some muttering about the Gnome keyring tool (on planet.debian.org I think) and it's never worked right for me. It also seemed to interfere with ssh-agent. Is it running?
Hmm, yes gnome keyring is running. I think gdm uses it?
http://live.gnome.org/GnomeKeyring/Ssh seems to suggest that gnome keyring actually functions as an ssh agent.
I'll test later (next time I log in), but it could be that the SSH_* environment variable clobbering that I had going on was stopping gnome keyring's ssh agent facility from working.
On the other hand, my gnome-keyring process is called
/usr/bin/gnome-keyring-daemon --daemonize
so it doesn't seem to be a parent of fluxbox. I would've thought it needs to be.
Richard Lewis wrote:
> MJ Ray wrote:
> > I've seen some muttering about the Gnome keyring tool (on planet.debian.org I think) and it's never worked right for me. It also seemed to interfere with ssh-agent. Is it running?
> Hmm, yes gnome keyring is running. I think gdm uses it?
> http://live.gnome.org/GnomeKeyring/Ssh seems to suggest that gnome keyring actually functions as an ssh agent.
That's the swine! So I found the muttering comment:-
> wouter verhelst wrote on 06/18/09 at 12:02 pm :
> You seem to be confusing "ssh-agent" with "gnome-keyring"
> The former is a proper implementation of ssh-agent that does everything the protocol requires, and works well.
> The latter is a cheap knockoff of ssh-agent implemented by the GNOME people. It does not implement half of the features of ssh-agent (for instance, it does not support ssh-add's -c or -t options), breaks on keys that have passwords in them, and is a generally shoddy implementation of ssh-agent. To make matters worse, the gconf key that is supposed to disable the ssh-agent component of gnome-keyring has no effect in its most recent versions.
http://www.lucas-nussbaum.net/blog/?p=347
There are some more constructive comments there which may help.
Hope that helps,
At Thu, 24 Sep 2009 16:29:02 +0100 (BST), MJ Ray wrote:
> Richard Lewis wrote:
> > MJ Ray wrote:
> > > I've seen some muttering about the Gnome keyring tool (on planet.debian.org I think) and it's never worked right for me. It also seemed to interfere with ssh-agent. Is it running?
> > Hmm, yes gnome keyring is running. I think gdm uses it?
> > http://live.gnome.org/GnomeKeyring/Ssh seems to suggest that gnome keyring actually functions as an ssh agent.
> That's the swine! So I found the muttering comment:-
> > wouter verhelst wrote on 06/18/09 at 12:02 pm :
> > You seem to be confusing "ssh-agent" with "gnome-keyring"
> > The former is a proper implementation of ssh-agent that does everything the protocol requires, and works well.
> > The latter is a cheap knockoff of ssh-agent implemented by the GNOME people. It does not implement half of the features of ssh-agent (for instance, it does not support ssh-add's -c or -t options), breaks on keys that have passwords in them, and is a generally shoddy implementation of ssh-agent. To make matters worse, the gconf key that is supposed to disable the ssh-agent component of gnome-keyring has no effect in its most recent versions.
> http://www.lucas-nussbaum.net/blog/?p=347
> There are some more constructive comments there which may help.
> Hope that helps,
So I've just switched my computer back on again and gnome-keyring seems amenable to ssh-add'ing and I've now got passwordless ssh.
Thanks for your help.
At Thu, 24 Sep 2009 15:16:31 +0100, Richard Lewis wrote:
> Hi ALUG,
> I'm trying to get ssh-agent to work properly so that I can have passwordless ssh.
> I've got my public key in the authorized_keys files on the relevant remote machines, and I can log in to them by just unlocking my key OK.
> The bit that I'm stuck with is starting ssh-agent properly. If I run urxvt, for example, under ssh-agent:
> $ ssh-agent urxvt
> I can't then run ssh-add, it says "Could not open a connection to your authentication agent." Although ps reports that the ssh-agent is running.
So I've just fixed this part of the problem. (Apologies for the premature question.)
I had a package called keychain installed which is supposed to make ssh-agent survive between logins (I didn't really want this feature, just random fiddling from the last time I tried to get this to work). Anyway, it was setting some stored, and, importantly, wrong values for the SSH_AGENT_PID and SSH_AUTH_SOCK variables. I think then ssh-add couldn't connect to the ssh-agent because it was looking in the wrong socket.
I removed keychain and its settings and now I can $ ssh-agent urxvt and ssh-add works fine.
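A quick check for the stale SSH_AGENT_PID / SSH_AUTH_SOCK situation described in the message above, as an added example that is not part of the original thread. The function names (sock_status, pid_status, check_agent) are made up for this example; only the two variables and ssh-add come from the thread.

```shell
#!/bin/sh
# Added example: classify the agent variables a shell has inherited.
# Function names are hypothetical, chosen for this example.

# Print one word describing what $1 (a candidate SSH_AUTH_SOCK) points at.
sock_status() {
    sock=$1
    if [ -z "$sock" ]; then
        echo unset
    elif [ ! -e "$sock" ]; then
        echo missing          # stale value: the agent that created it is gone
    elif [ ! -S "$sock" ]; then
        echo not-a-socket
    elif [ ! -O "$sock" ]; then
        echo foreign-owner    # socket exists but belongs to another user
    else
        echo socket
    fi
}

# Print one word describing $1 (a candidate SSH_AGENT_PID).
pid_status() {
    pid=$1
    case $pid in
        '') echo unset; return ;;
        *[!0-9]*) echo invalid; return ;;
    esac
    # kill -0 sends no signal; it fails if the process is gone or not ours.
    if kill -0 "$pid" 2>/dev/null; then
        echo alive
    else
        echo unreachable
    fi
}

# Report on this shell's environment, then ask the agent itself.
check_agent() {
    echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-} -> $(sock_status "${SSH_AUTH_SOCK:-}")"
    echo "SSH_AGENT_PID=${SSH_AGENT_PID:-} -> $(pid_status "${SSH_AGENT_PID:-}")"
    if command -v ssh-add >/dev/null 2>&1; then
        rc=0
        ssh-add -l >/dev/null 2>&1 || rc=$?
        # 0 = keys loaded, 1 = agent reachable but holds no keys, 2 = no agent
        echo "ssh-add -l exit status: $rc"
    fi
}

check_agent
```

A "missing" socket next to a running ssh-agent process is the pattern from the thread: the agent is up, but the shell was handed variables that belong to a different, older agent.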