Excerpts from Stef Bon's message of Tue Dec 22 20:08:24 +0100 2009:
> Marc Weber wrote:
> >>> # ls -l /auto
> >>> ls: cannot access /auto/mlin: Permission denied
> >>> total 0
> >>> d????????? ? ? ? ? ? mlin
> >>>
> >>>
> >> Well the question marks mean that glibc cannot figure out the
> >> permissions. This means probably
> >> that the mount has not been succesfull.
> >>
> > It was. The user can access it. But root can't.
> >
> >
> >> Does this work. I do not know anything about ssh agents.
> >>
> > Than you should start to learn at least some basics.
Sorry. I should have been more specific.
I tried saying: If you have to login to multiple locations very often
you should learn about ssh-agents because you'll benefit doing so.
That's one point. The second point is if you still don't know about them
and you're not going to read up what they are and why they are exist
there is indeed no point you helping me because the reason I wrote that
script was using ssh-agents.
Anyway I think we can meet. You didn't reply to my question whether
you're using empty passwords. So it looks to me that you're not aware
about what I'm talking when saying "empty password". This looks strange
to me because using automount directories per users seems to be
advanced to me.
Let me show you a complete example how to generate a key and use an
ssh-agent:
# important: enter a passphrase
ssh-keygen -t rsa -f $HOME/id_rsa_tmp
Enter passphrase (empty for no passphrase): PASSWORD
Your identification has been saved in $HOME/id_rsa_tmp.
Your public key has been saved in $HOME/id_rsa_tmp.pub.
# now you can copy your key to remote machine, you have to enter your
# remote password once:
ssh-copy-id -i $HOME/id_rsa_tmp.pub u...@remote
Now you can login using
ssh -i $HOME/id_rsa_tmp u...@remote
If you didn't use an empty password ssh will ask you for the id_rsa_tmp
password each time uses the key.
If you login and out frequently this is tedious. That's why you can do
tmp=$(ssh-agent)
echo "$tmp"
eval "$tmp"
ssh-add $HOME/id_rsa_tmp # thell the agent enter passphrase
# no more passwords required:
ssh u...@remote 'echo done'
ssh u...@remote 'echo done'
# kill agent so that when you leave the pc nobody
# else can use your key. You can also specify timeouts and such.
# (-> man ssh-agent)
pkill -9 ssh-agent
Of course if you're using an empty passphrase you don't need the
ssh-agent at all.
However if someone get's access to your private key he can login.
If you use a passphrase he can't because he still has to know your
passphrase.
Now you've been using this line without ssh-agent:
> >> PasswordAuthentication='no' -o IdentityFile="$homedir/.ssh/id_dsa" -o
What would happen if you replaced .ssh/id_dsa with $HOME/id_rsa_tmp
assuming you entered a passphrase?
automount is running mount running sshfs running ssh
which will find your password protected key. It doesn't know about any
agents so it will try to ask you for the password by printing a
"password:" prompt. But automount has no shell thus no prompt thus the
mount will fail.
For this reason you find many howtos when googling telling you how to
setup keys with empty passwords because this just works.
I have two goals:
a) figuring out whether there are even nicer solutions
b) telling people that they can use password protected private keys and
automount using my script.
> Here again I'm trying to help here.
Thanks for doing so.
I hope that this mail showing you how to use ssh-agents does help you a
little bit understanding my configuration.
Marc Weber
_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
