> I seem to be having a problem with ssh-agent, and ssh-add.. What I am
> trying to accomplish is, to be able to have cron ssh over to another server,
> and add users, or whatnot... The problem is. If I do an eval `ssh-agent`
> then do ssh-add, I can run my scripts that connect to the other machines no
> problem.. But if I log off of the server, then go back in, the scripts will
> not work, and it asks me for my pass phrase.. Is there a way to have it
> keep the key info without having to stay logged in ?

I wrote a function that I put in my .profile that will
try to see if we already can talk to an agent, if not
try to connect to the 'last' one we started (it saves
a file with environment variables in it when it starts
the agent) and if it can't find that one, then it tries
all agent sockets in the /tmp/ssh-username directory
newest to oldest, until it finds one. If it never does,
it starts one up.

If you have several running, it'll stop when it finds one,
it doesn't have a concept of a 'best' one.

Should work in ksh/bash/etc.

Note it sends stuff to STDERR, so you may want to
eliminate those lines. It was written for ssh1.

It's probably more than you need, but it's fine for me.

function findAgent {
    # Now take care of ssh agent forwarding

    # Succeeds only if an agent answers on the current socket
    function agentAlive {
        ssh-add -l > /dev/null 2>&1    # see if it's live
        return $?
    }

    typeset SSH_DIR
    if agentAlive ; then               # Check if we're already set
        echo Using existing agent >&2
    else
        SSH_DIR=$HOME/.ssh
        mkdir "$SSH_DIR" 2>/dev/null
        SSH_PARMS=$SSH_DIR/agentparms  # save our settings here
        if test -r "$SSH_PARMS"; then
            . "$SSH_PARMS" > /dev/null
        fi
        if agentAlive ; then
            echo Connected to existing agent >&2
        else
            typeset KEEP
            KEEP=''
            # Try the sockets newest first and stop at the first live one
            for n in $(ls -dt /tmp/ssh-"$LOGNAME"/* 2>/dev/null)
            do
                export SSH_AUTH_SOCK=$n
                export SSH_AUTHENTICATION_SOCKET=$n
                if agentAlive ; then
                    KEEP=$n
                    break
                fi
            done
            export SSH_AUTH_SOCK=$KEEP
            export SSH_AUTHENTICATION_SOCKET=$KEEP
            if agentAlive ; then
                echo "Connected to (unregistered) Agent" >&2
            else
                # Start a new agent and save its settings for later logins
                eval `ssh-agent -s 2>/dev/null | tee "$SSH_PARMS" \
                    | grep -v '^echo '`
                if agentAlive ; then
                    echo New Agent started >&2
                else
                    echo Cannot start the agent >&2
                fi
            fi
        fi
    fi
}
--
[EMAIL PROTECTED] "But not denying it doesn't
Systems and make it true any more than
Security Engineer not confirming it makes it false."
http://www.onsight.com/
Every message PGP signed
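
For the cron case in the question, an added example (not part of the original post) that reuses the saved `$HOME/.ssh/agentparms` file without sourcing it: it parses only the socket line and checks ownership and permissions before trusting it. The function names are hypothetical, and the file is assumed to hold OpenSSH-style `ssh-agent -s` output.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the post.

# Print the SSH_AUTH_SOCK value recorded in saved `ssh-agent -s` output.
# Only that one assignment is read; nothing in the file is executed.
parse_agent_sock() {
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*$/\1/p' "$1" | head -n 1
}

# Succeed if $1 is owned by the current user and is not writable by
# group or others (checked on the mode string printed by ls -ld).
owned_and_private() {
    [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Export SSH_AUTH_SOCK from parms file $1 only if every check passes.
# Return codes: 2 bad file, 3 no socket line, 4 bad socket, 5 no usable agent.
load_agent() {
    parms=$1
    owned_and_private "$parms" || {
        echo "refusing $parms: wrong owner or writable by others" >&2
        return 2
    }
    sock=$(parse_agent_sock "$parms")
    [ -n "$sock" ] || { echo "no SSH_AUTH_SOCK in $parms" >&2; return 3; }
    # The socket must exist, be a socket, and belong to us, and the
    # directory holding it must not be writable by anyone else.
    [ -S "$sock" ] && [ -O "$sock" ] &&
        owned_and_private "$(dirname "$sock")" || {
        echo "stale or foreign socket: $sock" >&2
        return 4
    }
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
    # OpenSSH's ssh-add -l exits non-zero when the agent is unreachable
    # or holds no keys; either way the cron job cannot authenticate.
    ssh-add -l >/dev/null 2>&1 || { echo "agent not usable" >&2; return 5; }
}

# In a script run from cron:
#   load_agent "$HOME/.ssh/agentparms" || exit 1
#   ssh otherhost some-command
```

The agent still has to be started and loaded with ssh-add once by hand after each reboot; the cron job only reconnects to it.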