RE: ssh-agent and ssh-add automatically

From: Ray Thompson (rthompson@interpublic.com)
Date: 12/18/02

    From: "Ray Thompson" <rthompson@interpublic.com>
    To: "Wilson Richard E" <richard.wilson@eds.com>, David Danovich <David.Danovich@huji.ac.il>, secureshell@securityfocus.com
    Date: Wed, 18 Dec 2002 15:47:20 -0600
    
    

    Hmmm. How about have a system startup script do something like this:

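    # "etc" is a placeholder for the remaining user names.
    # Note: this writes to ~/.ssh/.ssh-agent.dat, so the .bashrc snippet
    # must source that path rather than $HOME/.ssh-agent.dat.
    for USERS in ddanovich rwilson etc
    do
      su - "$USERS" -c "ssh-agent | head -2 > /home/$USERS/.ssh/.ssh-agent.dat"
    done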

    Modify .bashrc as mentioned earlier.

    An ssh-add will have to be done once per user per reboot but that's better than nothing.

    --Ray

    P.S. I haven't tried the above script. Use at your own risk. Mileage may vary. Disclaimer, disclaimer, disclaimer...

    -----Original Message-----
    From: Wilson, Richard E [mailto:richard.wilson@eds.com]
    Sent: Tuesday, December 17, 2002 2:59 PM
    To: 'David Danovich'; secureshell@securityfocus.com
    Subject: RE: ssh-agent and ssh-add automatically

    David,

    You can get away with doing this once every time the system boots, but it still has to be done. Here's how (also using RH 7.3):

    ssh-agent | head -2 > $HOME/.ssh-agent.dat
    ssh-add

    Then add the following to your .bashrc (assuming you're using bash):

    # Pick up SSH_AUTH_SOCK and SSH_AGENT_PID saved by the ssh-agent command above
    if [ -f "$HOME/.ssh-agent.dat" ]; then
      . "$HOME/.ssh-agent.dat"
    fi

    You can of course create a system startup script to handle this, but it will have to have the individual IDs' pass phrases available to it somehow and has to run as the ID that will be using the agent. Has anyone out there created a secure solution to that one?

    Richard Wilson

    -----Original Message-----
    From: David Danovich [mailto:David.Danovich@huji.ac.il]
    Sent: Tuesday, December 17, 2002 2:49 AM
    To: secureshell@securityfocus.com
    Subject: ssh-agent and ssh-add automatically

    Hi,

    I have a linux cluster (RedHat 7.3) with 4 linux boxes. In order for ssh to operate without password I set up private authentication keys using the ssh-keygen -t rsa command. I created authorized_keys and known_hosts files and everything works fine. The problem is that every time I open a new window or start a new session I have to carry out several commands in order to use this ssh without password. The commands I need to run are the following:

    ssh-agent $SHELL
    ssh-add

    I also need to write my passphrase and only after this procedure am I able to carry out any command on any node directly from the server without typing a password or passphrase. (For example, a command like ssh -n har3 date). Har3 is the name of one of the nodes.

    What I want is to skip this procedure with ssh-agent and ssh-add commands. Is it possible to modify some configuration files of ssh so that I would be able to carry out command on nodes when I write it actually on server (like above command ssh -n har3 date) directly when I start a new session without ssh-agent and ssh-add commands.

    Thank you in advance David
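
An added example, not code from any poster in this thread: a Bourne-shell function for .bashrc that sources the saved agent file as in the snippet above, but first uses `ssh-add -l` to check that the agent behind it still answers, and starts a fresh agent with a 0600 file when it does not (the situation after every reboot). The file path, the function names and the `AGENT_CMD`/`ADD_CMD` override variables are assumptions of this example.

```shell
# Added example; path, function names and *_CMD overrides are assumptions.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"   # file holding the agent's variables
AGENT_CMD="${AGENT_CMD:-ssh-agent}"
ADD_CMD="${ADD_CMD:-ssh-add}"

# ssh-add -l exits 0 when keys are loaded, 1 when the agent is reachable
# but holds no keys, and 2 when no agent answers on SSH_AUTH_SOCK.
agent_state() {
    "$ADD_CMD" -l >/dev/null 2>&1
}

# Attach this shell to the user's agent, replacing a stale file if needed.
# Returns 0 = keys loaded, 1 = agent up but empty (run ssh-add), 2 = no agent.
agent_attach() {
    state=0
    # The file is executed as shell code, so only source it if we own it.
    if [ -f "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    agent_state || state=$?
    if [ "$state" -ge 2 ]; then
        # Left over from before a reboot, or never written: start a new agent.
        # Remove first so the new file is created 0600 under umask 077.
        ( rm -f "$AGENT_ENV"; umask 077
          "$AGENT_CMD" -s | head -n 2 > "$AGENT_ENV" ) || return 2
        . "$AGENT_ENV" >/dev/null
        state=0
        agent_state || state=$?
        [ "$state" -ge 2 ] && return 2
    fi
    return "$state"
}

# In ~/.bashrc:
#   agent_attach; [ $? -eq 1 ] && echo "ssh-agent has no keys: run ssh-add"
```

The passphrase is still typed once per boot; the function only removes the need to repeat ssh-agent in every new session and keeps a dead agent's file from being reused.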