Where to install ssh-agent?

From FVue

Problem

So I should use ssh-agent for more comfort, but what is the best place to start ssh-agent?

Solution

Workstation

SuSE 10.0

In SuSE 10.0, it is advised to set up ssh-agent in both .xsession and .xinitrc: Using ssh-agent globally for X session - openSUSE

Ubuntu 6.10

  • Select {System | Preferences | Sessions}, tab {Startup Programs}, button {Add}
  • Enter as {Startup Command:} ssh-add /home/user/.ssh/key with "user" and "key" replaced by the actual values

Server

See ssh-agent script below. This script runs during boot and sends the administrator an e-mail saying that ssh-add needs to be run.

Journal

20060829

According to Common threads: OpenSSH key management, Part 2 it should be placed in ./bash_profile. But when I put this in ./bash_profile it doesn't get executed:

#!/bin/bash
eval $(ssh-agent -s)

From Bash - What happens when you invoke bash - DeveloperNet I learn that .profile should be used.

20060903

Fun with XMMS (and friends) Tips and tricks for the unix desktop

The ssh-agent needs only be installed once – on login. Bash looks for ~/.bash_profile, ~/.bash_login or ~/.profile and uses the first one which it can access all right. Use this file.

20061006

Using ssh-agent globally for X session - openSUSE

But how do I set up ssh-agent on my server so that a password is asked during boot?

BigAdmin Feature Article: Secure Shell: Part 2

20061007

Paranoid Penguin - Managing SSH for Scripts and cron Jobs | Linux Journal

Found init.d script here: All About SSH - Part II / II. Edit script by changing /usr/bin/rm to rm. Script doesn't run after reboot?

Unofficial SUSEFAQ - Starting and Stoping Services: insserv

insserv ssh-agent

An S script is linked, but no K script?

Modified ssh-agent script:

#!/bin/sh
# startupfile for ssh-agent daemon
# Start/stop processes required for start/stop ssh-agent
# Copyright (c) 2006 Freddy Vulto
#
# created: GR 07-DEC-2001
# updated: SB 27-NOV-2001 and 13-FEB-2002
#             generalised with variables at the top, comments
# updated: FVu 07-OCT-2006 To be used with SuSE 10.0
#          using template of Kurt Garloff (SuSE)
#
# /etc/init.d/ssh-agent
#
#    This program is free software; you can redistribute it and/or modify 
#    it under the terms of the GNU General Public License as published by 
#    the Free Software Foundation; either version 2 of the License, or 
#    (at your option) any later version. 
# 
#    This program is distributed in the hope that it will be useful, 
#    but WITHOUT ANY WARRANTY; without even the implied warranty of 
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
#    GNU General Public License for more details. 
# 
#    You should have received a copy of the GNU General Public License 
#    along with this program; if not, write to the Free Software 
#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
# 
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your 
# script on this template and ensure that it works on non UL based LSB 
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides:          ssh-agent
# Required-Start:    $time $syslog $remote_fs
# Should-Start:
# Required-Stop:     $time $syslog $remote_fs
# Should-Stop:       
# Default-Start:     3
# Default-Stop:      0 1 2 6
# Short-Description: Start ssh-agent
# Description:       Start ssh-agent and store env to
#	be used by cron.
### END INIT INFO
#
# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0	  - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
# 
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

recipients="root"
#agent="/opt/local/bin/ssh-agent"
#agent="/opt/openssh/bin/ssh-agent"
agent="/usr/bin/ssh-agent"
trust_user="root"
agent_f="/tmp/ssh-agent.info"

case "$1" in
'start')

	if [ -f ${agent_f} ]; then
		echo -n Sorry, it appears to exist an ssh-agent already running
		echo check ${agent_f}
		rc_failed 1
		rc_status -v
		# Stop here instead of starting a second agent over the recorded one
		rc_exit
	fi
	if [ -x ${agent} ]; then
		echo -n Starting secure shell agent daemon
		# Run the agent as $trust_user and save the environment it prints
		su $trust_user -c ${agent} > ${agent_f}
		echo -n "You need to run ssh-add as $trust_user!" | /usr/bin/mailx -s "`uname -n`: $agent daemon restarted" $recipients
	else	
		echo -n "WARNING: ${agent} daemon file not found => ssh-agent did not start"
		rc_failed 7
		rc_status -v
	fi
	;;


'stop')
	echo -n Shutting down ssh agent daemon
	if [ -f ${agent_f} ]; then
		. ${agent_f} > /dev/null
		${agent} -k > /dev/null
		rm -f ${agent_f}
	else
		echo could not read ${agent_f}. ssh-agent not stopped
		rc_failed 1
		rc_status -v
	fi

	;;
*)
	echo -n "Usage: /etc/init.d/$0 { start | stop }"
	;;
esac
rc_exit

20070223

What SuSE calls insserv, Debian calls update-rc.d. Modified All init.d script:

#!/bin/sh
#
# /etc/init.d/ssh-agent
#
# startupfile for ssh-agent daemon
# Start/stop processes required for start/stop ssh-agent
#
# created: GR 07-DEC-2001
# updated: SB 27-NOV-2001 and 13-FEB-2002
#             generalised with variables at the top, comments
# updated: FVu 23-FEB-2007  To be used with Debian: use 'update-rc.d' to install.
# ln -s /etc/init.d/ssh-agent /etc/rc2.d/K99ssh-agent

recipients="user"
agent="/usr/bin/ssh-agent"
trust_user="user"
agent_f="/tmp/ssh-agent.info"

case "$1" in
'start')

        if [ -f ${agent_f} ]; then
                echo Sorry, it appears to exist an ssh-agent already running
                echo check ${agent_f}
                exit 1
        fi
        if [ -x ${agent} ]; then
                echo Starting secure shell agent daemon
                su $trust_user -c ${agent} > ${agent_f}
                echo "You need to run 'source /tmp/ssh-agent.info; ssh-add' as $trust_user!" | /usr/bin/mailx -s "`uname -n`: $agent daemon restarted" $recipients
        else
                echo "WARNING: ${agent} daemon file not found => ssh-agent did not start"
        fi
        ;;


'stop')
        echo Shutting down ssh agent daemon
        if [ -f ${agent_f} ]; then
                . ${agent_f}     
                ${agent} -k
                /bin/rm -f ${agent_f}
        else
                echo could not read ${agent_f}. ssh-agent not stopped
        fi

        ;;
*)
        echo "Usage: /etc/init.d/$0 { start | stop }"
        ;;
esac

Copied script to /etc/init.d.

Installed script with update-rc.d ssh-agent defaults:

Adding system startup for /etc/init.d/ssh-agent ...
/etc/rc0.d/K20ssh-agent -> ../init.d/ssh-agent
/etc/rc1.d/K20ssh-agent -> ../init.d/ssh-agent
/etc/rc6.d/K20ssh-agent -> ../init.d/ssh-agent
/etc/rc2.d/S20ssh-agent -> ../init.d/ssh-agent
/etc/rc3.d/S20ssh-agent -> ../init.d/ssh-agent
/etc/rc4.d/S20ssh-agent -> ../init.d/ssh-agent
/etc/rc5.d/S20ssh-agent -> ../init.d/ssh-agent
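
Both init scripts above store the agent's environment in /tmp/ssh-agent.info and read it back with `.` (source) on stop, so anything found under that name in a world-writable directory is executed as shell code by the init script. The following is an added example, not part of the original scripts: a hypothetical `load_agent_info` function that checks the file's type, owner and mode and extracts the two variables by pattern instead of sourcing. The sample file contents and paths are constructed.

```shell
#!/bin/sh
# Added example: read ssh-agent's saved environment without sourcing the file.
# load_agent_info is a hypothetical helper, not part of the original scripts.

# load_agent_info FILE
# Sets SSH_AUTH_SOCK and SSH_AGENT_PID from FILE only if FILE is a regular
# file (no symlink), owned by the caller, not group/world writable, and holds
# nothing but the three line forms that "ssh-agent -s" prints.
# Return codes: 1 type, 2 owner, 3 mode, 4 unexpected line, 5 value missing.
load_agent_info() {
    f=$1
    [ ! -L "$f" ] && [ -f "$f" ] || return 1
    [ -O "$f" ] || return 2
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ] || return 3
    # grep -v selects lines that match none of the expected forms
    if grep -Evq '^(SSH_AUTH_SOCK=[A-Za-z0-9_./-]+; export SSH_AUTH_SOCK;|SSH_AGENT_PID=[0-9]+; export SSH_AGENT_PID;|echo Agent pid [0-9]+;)$' "$f"
    then
        return 4
    fi
    # Extract the values as data; nothing in the file is ever executed
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$f")
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p' "$f")
    [ -n "$sock" ] && [ -n "$pid" ] || return 5
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Demo on constructed data; a private mktemp directory stands in for a
# root-only location such as /var/run.
umask 077
demo_dir=$(mktemp -d) || exit 1
cat > "$demo_dir/ssh-agent.info" <<'EOF'
SSH_AUTH_SOCK=/tmp/ssh-XXXXabcd/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
echo Agent pid 4243;
EOF
load_agent_info "$demo_dir/ssh-agent.info" && echo "accepted, agent pid $SSH_AGENT_PID"

# Same file with one extra line appended: rejected instead of executed
cp "$demo_dir/ssh-agent.info" "$demo_dir/tampered.info"
echo 'echo this line would run if the file were sourced' >> "$demo_dir/tampered.info"
load_agent_info "$demo_dir/tampered.info" || echo "rejected, rc=$?"
rm -rf "$demo_dir"
```

Keeping the file in a directory that only root can write also removes the window between these checks and the read.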
