Re: Agent Forwarding Question for the list

On Thu, Oct 05, 2006 at 12:06:27PM -0400, Layne Fink wrote:
> I'm no expert.. but my first guess at this is you need to start the
> ssh-add agent on server1 as well.

No, that's not correct; this is the whole purpose of agent forwarding.

> There is also a way to make ssh-add global.. I believe that normally
> ssh-add only lasts for the current session, soon as you log out the add
> agent stops... something to do with editing your $HOME/.bash_profile or
> $HOME/.bashrc for BASH for example. I'll google a bit and give a for sure
> answer if someone else hasn't done so by then.

Adding a key to your agent with ssh-add works for any process which
can see the SSH_* environment variables which ssh-agent creates. The
easiest way to make all your shells see this is to use the X window
system, and start X using something like this:

    ssh-agent fvwm # or whatever window manager you run

    ssh-agent gnome-session # or startkde

or whatever... You can do this by adding such a line to your .xinitrc
(for startx) or .xsession (for sessions started from xdm/gdm/kdm
etc.). One of these needs to be executable (i.e. a shell script), but
I can never remember which one (I think it's .xsession). Make sure it
is executable using chmod.

When you do this, all ssh sessions from all of your xterms will be
able to see your agent. Just run ssh-add from any xterm to add your
key to your agent, and you're good to go. You can play games with
your .bashrc too if you prefer, but this method is far more elegant.

Derek D. Martin
GPG Key ID: 0x81CFE75D
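
The following is an added example, not part of the original post: a shell check of whether the current process can see the agent through the SSH_* environment variables described above, plus the command an .xsession would exec as a result. The function names agent_status and session_command are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Report whether this process can reach an ssh-agent through the
# environment variables that ssh-agent exports to its children.
agent_status() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent-env"        # started outside the agent's process tree
        return 0
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"        # variable inherited, but no socket there
        return 0
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "keys-loaded" ;;   # agent reachable and holding keys
        1) echo "agent-empty" ;;   # agent reachable; run ssh-add
        *) echo "unreachable" ;;   # ssh-add exits 2 if it cannot contact the agent
    esac
}

# Print the command an .xsession should exec for the session program "$1":
# wrap it in ssh-agent only when no usable agent is already inherited.
session_command() {
    case "$(agent_status)" in
        keys-loaded|agent-empty) echo "$1" ;;
        *) echo "ssh-agent $1" ;;
    esac
}

echo "agent status in this shell: $(agent_status)"
echo "an .xsession would run:      exec $(session_command fvwm)"
```

Running it from an xterm and from a cron job or a fresh console login shows the difference the post describes: only processes descended from the ssh-agent invocation inherit the variables.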

