Re: asking passphrase only on first use
From: George Georgalis (george_at_galis.org)
Date: 03/08/04
- Previous message: Bruce David: "sshd behaviour on HPUX 10.26"
- In reply to: Mathieu Doidy: "asking passphrase only on first use"
Date: Mon, 8 Mar 2004 14:14:44 -0500 To: secureshell@securityfocus.com
On Sun, Mar 07, 2004 at 05:27:50PM +0000, Mathieu Doidy wrote:
>Hi,
>
>I am using ssh-agent and ssh-add as part of the authorization
>process for remote login. I was wondering if it was
>possible to have the prompt for the passphrase only when really
>required and not when ssh-add is started.
>
>In the case where different keys are used (it seems to be a good
>idea not to use the same key everywhere but i might be wrong),
>for the moment, you have to enter the passphrase for all of them
>even if you won't use them. In the case where ssh-add is started
>in the .xinitrc/.xsession, it can be quite cumbersome to enter
>5 passphrases in a row independently of the fact you will use
>the associated keys or not during that session.
I used to use .xinitrc/.xsession for ssh-agent/add but have since come up
with these scripts which cover the case when I'm not logging in through
X. I've not tried it with multiple keys, but suspect it will save you
from entering each more than once for each shell environment, if that's
the problem. (BTW I keep any "special keys" in a directory relevant to
their function and specify them specifically on the ssh/ssh-add command
line.)
These commands invoked from .bashrc will add an ssh-agent if appropriate
(PS1 is set) and there is no instance already available. The particular
agent is then killed from .bash_logout.
There is a bug in that some ssh-agent instances aren't removed on logout
(I see some in my ps tree when there shouldn't be), but that might be an
artifact of old ssh-agent invocations in my .xinitrc/.xsession; I haven't
worked it all out yet.
# if this is an interactive shell (PS1 is set) and
# there is no $SSH_AGENT_PID yet and
# there is an ssh id file, then start an agent and record its pid as
# SSH_AGENT_SHELL_PID[$$]=$SSH_AGENT_PID *before* running ssh-add,
# so this and only this $SSH_AGENT_PID can be killed from .bash_logout
# even when the passphrase prompt is aborted (an aborted ssh-add
# otherwise leaves the agent unrecorded and therefore never killed)
[ -n "$PS1" -a -z "$SSH_AGENT_PID" ] \
&& [ -f ~/.ssh/id_dsa -o -f ~/.ssh/id_rsa -o -f ~/.ssh/identity ] \
&& eval `ssh-agent` </dev/null \
&& SSH_AGENT_SHELL_PID=([$$]=${SSH_AGENT_PID}) \
&& ssh-add
# in .bash_logout use
#kill ${SSH_AGENT_SHELL_PID[$$]} 2>/dev/null \
# || echo ~/.bash_logout : Unknown ssh-agent, none killed.
// George
-- George Georgalis, Architect and administrator, Linux services. IXOYE http://www.galis.org/george cell:646-331-2027 mailto:george@galis.org Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
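Mathieu's actual request was a passphrase prompt on first use only, and George's per-shell agent still prompts once per new shell. The following is an added example (not George's script and not part of the original thread) that caches one agent's environment in a file so every shell attaches to it, and calls ssh-add for a key only when `ssh-add -l` does not list it yet; the cache path in $AGENT_ENV and the key list in ssh_agent_once are assumptions.

```shell
# Added example, not George's code: keep ONE ssh-agent per session by caching
# its environment in a file, and run ssh-add for a key only when `ssh-add -l`
# shows it is not loaded yet, so each passphrase is asked once, on first use.
# $AGENT_ENV (cache file path) and the key list below are assumptions.

AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# 0 if ENVFILE describes an agent that is still running and has its socket.
agent_env_is_live() {
    envfile="$1"
    [ -r "$envfile" ] || return 1
    . "$envfile" >/dev/null            # sets SSH_AUTH_SOCK and SSH_AGENT_PID
    [ -n "$SSH_AGENT_PID" ] && [ -S "$SSH_AUTH_SOCK" ] \
        && kill -0 "$SSH_AGENT_PID" 2>/dev/null
}

# 0 if KEYFILE appears in LISTING, the text printed by `ssh-add -l`. Lines look
# like "<bits> <fingerprint> <comment> (<type>)"; for a key added from a file
# the comment is that file's path, which may itself contain spaces.
key_in_listing() {
    listing="$1"; keyfile="$2"
    printf '%s\n' "$listing" | awk -v k="$keyfile" '
        { c = $0; sub(/^[^ ]+ [^ ]+ /, "", c); sub(/ \([^)]*\)$/, "", c)
          if (c == k) found = 1 }
        END { exit !found }'
}

# Load KEYFILE into the agent unless it is already there (prompts at most once).
add_key_once() {
    keyfile="$1"
    [ -f "$keyfile" ] || return 0
    key_in_listing "$(ssh-add -l 2>/dev/null)" "$keyfile" && return 0
    ssh-add "$keyfile"
}

# Entry point for ~/.bashrc: attach to the cached agent, or start a new one.
# The agent outlives individual shells; stop it with `ssh-agent -k` at the end
# of the session instead of from every .bash_logout.
ssh_agent_once() {
    [ -n "$PS1" ] || return 0              # interactive shells only
    if ! agent_env_is_live "$AGENT_ENV"; then
        ( umask 077; ssh-agent -s </dev/null > "$AGENT_ENV" ) || return 1
        . "$AGENT_ENV" >/dev/null
    fi
    export SSH_AUTH_SOCK SSH_AGENT_PID
    for k in "$HOME/.ssh/id_rsa" "$HOME/.ssh/id_dsa"; do
        add_key_once "$k"
    done
}
```

Source the file from ~/.bashrc and call ssh_agent_once; because the agent is shared, a key's passphrase is entered the first time that key is needed and never again for the rest of the session.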