Tired of typing your pass phrase in every time you use SSH, SCP, fish://, rsync, unison or do anything remotely on another system? With SSH and PKI. Here is a howto <http://www.cyberciti.biz/tips/ssh-public-key-based-authentication-how-to.html>.

With PKI you can have ssh-agent store your authentication information in a secure running process; any child process started after that will be able to connect over SSH without having to ask you for a pass phrase again, as long as your PKI is set up correctly on the server side. If you have your X session start ssh-agent for you then you only need to type your pass phrase in once every time you log in. Ubuntu 7.4 has a script in /etc/X11/Xsession.d/90x11-common_ssh-agent to do this but it just does not work. Most posts I found on the Internet about it, people just hack around the problem.

I am running Ubuntu on my laptop, and Radados <http://radados.org> on my servers. I like Radados for many things like persistent desktop and how it does ssh-agent automatically, but Ubuntu has some very nice eye candy. If anyone has found a way to get persistent desktop sessions in Ubuntu please let me know. I could hack Ubuntu to use the Radados persistent desktop sessions but would rather not.

Here is my hack for Ubuntu 7.4 to use the ssh-agent. I will test it on 7.10 next week. You need to install ssh-askpass. This should work with most Linux distributions but maybe not with "Dunce Cap" Core 4,5,6,7...

Edit the file /etc/X11/Xsession.d/90x11-common_ssh-agent, go down to the end and replace the last three lines that deal with STARTSSH with this.

    #if [ -n "$STARTSSH" ]; then
    #  STARTUP="$SSHAGENT $SSHAGENTARGS $STARTUP"
    #fi

    USER_ID=`id -u`

    # Lock down the home directory, the agent state directory and ~/.ssh.
    chmod o-rwx "$HOME"
    mkdir -p "$HOME/tmp"
    chmod go-rwx "$HOME/tmp"
    mkdir -p "$HOME/.ssh"
    chown -R "$USER_ID" "$HOME/.ssh"
    chmod 700 "$HOME/.ssh"
    find "$HOME/.ssh" -type f -exec chmod 600 "{}" \;

    SSH_AGENT_PID=0

    # This part makes it so you only type your pass phrase once per boot.
    # Ubuntu keeps the ssh-agent running but starts a new one every time you login
    # This part re-attaches to the one that is running.
    if [ -f "$HOME/tmp/.sshagent" ]; then
        . "$HOME/tmp/.sshagent"
        # Why can't ps let me list using both the command name and the user ID?
        # I have only been able to make it find processes by one or the other but not
        # both in the same command.
        ps -U "$USER_ID" -F | grep ssh-agent | grep -v grep | grep "$SSH_AGENT_PID"
        if [ $? -ne 0 ]; then
            # The saved agent is gone; force a new one to be started below.
            SSH_AGENT_PID=0
        fi
    fi

    if [ "$SSH_AGENT_PID" -eq 0 ]; then
        # Start a new agent, save its environment and load the keys.
        $SSHAGENT > "$HOME/tmp/.sshagent"
        . "$HOME/tmp/.sshagent"
        if [ -f "$HOME/.ssh/id_dsa" ]; then
            ssh-add "$HOME/.ssh/id_dsa"
        fi
        if [ -f "$HOME/.ssh/id_rsa" ]; then
            ssh-add "$HOME/.ssh/id_rsa"
        fi
    else
        . "$HOME/tmp/.sshagent"
    fi

SECURITY ALERT! Ubuntu, as far as I can tell, does not have persistent desktop sessions like Radados, so if you do this hack and then leave your desktop unattended you better be using a screen saver that locks your desktop or you will be opening a door for someone to do lots of nasty stuff.

--
You need music, music needs you; but the RIAA we'd all be better off without.
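
A stricter version of the re-attach step, as an added example that is not part of the original post: it checks who can write the saved file before trusting it, reads the two values as data rather than sourcing the file, and asks the agent itself whether it is alive with ssh-add -l instead of grepping ps output. The function names and the AGENT_SOCK / AGENT_PID variables are hypothetical; the file format assumed is the Bourne-shell output of ssh-agent.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# True only if the saved file is a regular, non-symlink file that we own and
# that nobody else can write. Sourcing a file executes it, so anything a
# second account could modify must not be trusted.
agent_file_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # POSIX find: -perm -020 / -002 match group- / world-writable files.
    [ -n "$(find "$1" -prune -user "$(id -u)" ! -perm -020 ! -perm -002)" ]
}

# Read the two settings as data instead of sourcing the file.
# Sets AGENT_SOCK and AGENT_PID; fails if either is missing or malformed.
read_agent_file() {
    AGENT_SOCK=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1)
    AGENT_PID=$(sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$1" | head -n 1)
    [ -n "$AGENT_SOCK" ] && [ -n "$AGENT_PID" ]
}

# ssh-add -l exits 0 (keys listed) or 1 (agent has no keys) when the agent
# answers, and 2 when it cannot be contacted.
agent_is_alive() {
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Export the agent variables only if every check passes.
reattach_agent() {
    agent_file_is_safe "$1" || return 1
    read_agent_file "$1" || return 1
    [ -S "$AGENT_SOCK" ] || return 1
    agent_is_alive "$AGENT_SOCK" || return 1
    SSH_AUTH_SOCK=$AGENT_SOCK; SSH_AGENT_PID=$AGENT_PID
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Typical use in a session script (path taken from the post):
#   reattach_agent "$HOME/tmp/.sshagent" || start a new agent and ssh-add keys
```

If reattach_agent fails for any reason, start a fresh agent and overwrite the saved file, as the post's script does when the saved PID is no longer running.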

