Where to install ssh-agent?
Problem
So I should use ssh-agent for more comfort, but what is the best place to start ssh-agent?
Solution
Workstation
SuSE 10.0
In SuSE 10.0, it is advised to set up ssh-agent in both .xsession and .xinitrc: Using ssh-agent globally for X session - openSUSE
Ubuntu 6.10
- Select {System | Preferences | Sessions}, tab {Startup Programs}, button {Add}
- Enter as {Startup Command:} ssh-add /home/user/.ssh/key with "user" and "key" replaced by the actual values
Server
See the ssh-agent script below. This script runs during boot and sends the administrator an e-mail saying that ssh-add needs to be run.
Journal
20060829
According to Common threads: OpenSSH key management, Part 2 it should be placed in ./bash_profile. But when I put this in ./bash_profile it doesn't get executed:

    #!/bin/bash
    eval $(ssh-agent -s)

From Bash - What happens when you invoke bash - DeveloperNet I learn that .profile should be used.
20060903
Fun with XMMS (and friends) Tips and tricks for the unix desktop
The ssh-agent needs only be installed once – on login. Bash looks for ~/.bash_profile, ~/.bash_login or ~/.profile and uses the first one which it can access all right. Use this file.
20061006
Using ssh-agent globally for X session - openSUSE
But how do I set up ssh-agent on my server so that a password is asked during boot?
BigAdmin Feature Article: Secure Shell: Part 2
20061007
Paranoid Penguin - Managing SSH for Scripts and cron Jobs | Linux Journal
Found init.d script here: All About SSH - Part II / II. Edit script by changing /usr/bin/rm to rm. Script doesn't run after reboot?
Unofficial SUSEFAQ - Starting and Stoping Services: insserv
insserv ssh-agent
An S script is linked, but no K script?
Modified ssh-agent script:

    #!/bin/sh
    # startupfile for ssh-agent daemon
    # Start/stop processes required for start/stop ssh-agent
    # Copyright (c) 2006 Freddy Vulto
    #
    # created: GR 07-DEC-2001
    # updated: SB 27-NOV-2001 and 13-FEB-2002
    #          generalised with variables at the top, comments
    # updated: FVu 07-OCT-2006 To be used with SuSE 10.0
    #          using template of Kurt Garloff (SuSE)
    #
    # /etc/init.d/ssh-agent
    #
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation; either version 2 of the License, or
    # (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
    #
    # LSB compatible service control script; see http://www.linuxbase.org/spec/
    #
    # Note: This template uses functions rc_XXX defined in /etc/rc.status on
    # UnitedLinux (UL) based Linux distributions. If you want to base your
    # script on this template and ensure that it works on non UL based LSB
    # compliant Linux distributions, you either have to provide the rc.status
    # functions from UL or change the script to work without them.
    #
    ### BEGIN INIT INFO
    # Provides:          ssh-agent
    # Required-Start:    $time $syslog $remote_fs
    # Should-Start:
    # Required-Stop:     $time $syslog $remote_fs
    # Should-Stop:
    # Default-Start:     3
    # Default-Stop:      0 1 2 6
    # Short-Description: Start ssh-agent
    # Description:       Start ssh-agent and store env to
    #                    be used by cron.
    ### END INIT INFO
    #
    # Shell functions sourced from /etc/rc.status:
    #      rc_check         check and set local and overall rc status
    #      rc_status        check and set local and overall rc status
    #      rc_status -v     be verbose in local rc status and clear it afterwards
    #      rc_status -v -r  ditto and clear both the local and overall rc status
    #      rc_status -s     display "skipped" and exit with status 3
    #      rc_status -u     display "unused" and exit with status 3
    #      rc_failed        set local and overall rc status to failed
    #      rc_failed <num>  set local and overall rc status to <num>
    #      rc_reset         clear both the local and overall rc status
    #      rc_exit          exit appropriate to overall rc status
    #      rc_active        checks whether a service is activated by symlinks
    . /etc/rc.status

    # Reset status of this service
    rc_reset

    # Return values acc. to LSB for all commands but status:
    # 0       - success
    # 1       - generic or unspecified error
    # 2       - invalid or excess argument(s)
    # 3       - unimplemented feature (e.g. "reload")
    # 4       - user had insufficient privileges
    # 5       - program is not installed
    # 6       - program is not configured
    # 7       - program is not running
    # 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
    #
    # Note that starting an already running service, stopping
    # or restarting a not-running service as well as the restart
    # with force-reload (in case signaling is not supported) are
    # considered a success.

    recipients="root"
    #agent="/opt/local/bin/ssh-agent"
    #agent="/opt/openssh/bin/ssh-agent"
    agent="/usr/bin/ssh-agent"
    trust_user="root"
    agent_f="/tmp/ssh-agent.info"

    case "$1" in
    'start')
        # Refuse to start a second agent when an info file already exists
        if [ -f ${agent_f} ]; then
            echo -n Sorry, it appears to exist an ssh-agent already running
            echo check ${agent_f}
            rc_failed 1
            rc_status -v
            rc_exit
        fi
        if [ -x ${agent} ]; then
            echo -n Starting secure shell agent daemon
            # Store the agent's environment settings for later use
            su $trust_user -c ${agent} > ${agent_f}
            # Tell the administrator that the keys still have to be loaded
            echo -n "You need to run ssh-add as $trust_user!" \
                | /usr/bin/mailx -s "`uname -n`: $agent daemon restarted" $recipients
        else
            echo -n "WARNING: ${agent} daemon file not found => ssh-agent did not start"
            rc_failed 7
            rc_status -v
        fi
        ;;
    'stop')
        echo -n Shutting down ssh agent daemon
        if [ -f ${agent_f} ]; then
            # Load SSH_AGENT_PID so that 'ssh-agent -k' can kill the agent
            . ${agent_f} > /dev/null
            ${agent} -k > /dev/null
            rm -f ${agent_f}
        else
            echo could not read ${agent_f}. ssh-agent not stopped
            rc_failed 1
            rc_status -v
        fi
        ;;
    *)
        echo -n "Usage: $0 { start | stop }"
        ;;
    esac
    rc_exit

20070223
What SuSE calls insserv, Debian calls update-rc.d. Modified All init.d script:

    #!/bin/sh
    #
    # /etc/init.d/ssh-agent
    #
    # startupfile for ssh-agent daemon
    # Start/stop processes required for start/stop ssh-agent
    #
    # created: GR 07-DEC-2001
    # updated: SB 27-NOV-2001 and 13-FEB-2002
    #          generalised with variables at the top, comments
    # updated: FVu 23-FEB-2007 To be used with Debian: use 'update-rc.d' to install.
    #          ln -s /etc/init.d/ssh-agent /etc/rc2.d/K99ssh-agent

    recipients="user"
    agent="/usr/bin/ssh-agent"
    trust_user="user"
    agent_f="/tmp/ssh-agent.info"

    case "$1" in
    'start')
        # Refuse to start a second agent when an info file already exists
        if [ -f ${agent_f} ]; then
            echo Sorry, it appears to exist an ssh-agent already running
            echo check ${agent_f}
            exit 1
        fi
        if [ -x ${agent} ]; then
            echo Starting secure shell agent daemon
            # Store the agent's environment settings for later use
            su $trust_user -c ${agent} > ${agent_f}
            # Tell the user that the keys still have to be loaded
            echo "You need to run 'source /tmp/ssh-agent.info; ssh-add' as $trust_user!" \
                | /usr/bin/mailx -s "`uname -n`: $agent daemon restarted" $recipients
        else
            echo "WARNING: ${agent} daemon file not found => ssh-agent did not start"
        fi
        ;;
    'stop')
        echo Shutting down ssh agent daemon
        if [ -f ${agent_f} ]; then
            # Load SSH_AGENT_PID so that 'ssh-agent -k' can kill the agent
            . ${agent_f}
            ${agent} -k
            /bin/rm -f ${agent_f}
        else
            echo could not read ${agent_f}. ssh-agent not stopped
        fi
        ;;
    *)
        echo "Usage: $0 { start | stop }"
        ;;
    esac

Copied script to /etc/init.d.
Installed script with update-rc.d ssh-agent defaults:

    Adding system startup for /etc/init.d/ssh-agent ...
    /etc/rc0.d/K20ssh-agent -> ../init.d/ssh-agent
    /etc/rc1.d/K20ssh-agent -> ../init.d/ssh-agent
    /etc/rc6.d/K20ssh-agent -> ../init.d/ssh-agent
    /etc/rc2.d/S20ssh-agent -> ../init.d/ssh-agent
    /etc/rc3.d/S20ssh-agent -> ../init.d/ssh-agent
    /etc/rc4.d/S20ssh-agent -> ../init.d/ssh-agent
    /etc/rc5.d/S20ssh-agent -> ../init.d/ssh-agent
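
Both init.d scripts store the agent's environment in /tmp/ssh-agent.info and read it back by sourcing it, so the stop action and any cron job that sources the file execute whatever it contains. The following is an added example, not part of the original scripts: it checks the file's ownership and mode, extracts only SSH_AUTH_SOCK and SSH_AGENT_PID instead of sourcing the file, and uses the exit status of ssh-add -l to tell whether ssh-add has been run yet. The function names and the sample socket path and pid are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# agent_file_ok FILE: true only for a regular file (no symlink) owned by the
# calling user and not writable by group or others.
agent_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    mode=$(ls -ln -- "$f" | cut -c1-10)      # e.g. -rw-------
    case $mode in
        ?????-??-?) return 0 ;;              # no group/other write bit
        *)          return 1 ;;
    esac
}

# load_agent_env FILE: read SSH_AUTH_SOCK and SSH_AGENT_PID from saved
# "ssh-agent -s" output. Nothing in FILE is executed; lines that do not
# have the expected shape are ignored.
load_agent_env() {
    agent_file_ok "$1" || return 1
    sock=$(sed -n 's|^SSH_AUTH_SOCK=\([A-Za-z0-9_./-]*\);.*$|\1|p' "$1" | head -n 1)
    pid=$(sed -n 's|^SSH_AGENT_PID=\([0-9][0-9]*\);.*$|\1|p' "$1" | head -n 1)
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# agent_ready FILE: for cron jobs. 0 = agent holds a key, 1 = agent runs but
# ssh-add has not been run yet, 2 = no usable agent.
agent_ready() {
    load_agent_env "$1" || return 2
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

# Demo on a constructed info file (socket path and pid are made up).
demo_dir=$(mktemp -d)
( umask 077
  printf '%s\n' 'SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.100; export SSH_AUTH_SOCK;' \
      'SSH_AGENT_PID=101; export SSH_AGENT_PID;' > "$demo_dir/agent.info" )
load_agent_env "$demo_dir/agent.info" && echo "socket: $SSH_AUTH_SOCK"
rm -rf "$demo_dir"
```

A cron job can call agent_ready on the info file and skip its ssh work unless the result is 0; keeping the file in a directory that only root can write to removes the need to trust /tmp at all.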