Where to install ssh-agent?
Problem
So I should use ssh-agent for more comfort, but what is the best place to start ssh-agent?
Solution
Workstation
SuSE 10.0
In SuSE 10.0, it is advised to set up ssh-agent in both .xsession and .xinitrc: Using ssh-agent globally for X session - openSUSE
Ubuntu 6.10
- Select {System | Preferences | Sessions}, tab {Startup Programs}, button {Add}
- Enter as {Startup Command:} ssh-add /home/user/.ssh/key with "user" and "key" replaced by the actual values
Server
See the ssh-agent script below. This script runs during boot and sends the administrator an e-mail that ssh-add needs to be run.
Journal
20060829
According to Common threads: OpenSSH key management, Part 2 it should be placed in ./bash_profile. But when I put this in ./bash_profile it doesn't get executed:
#!/bin/bash
eval $(ssh-agent -s)
From Bash - What happens when you invoke bash - DeveloperNet I learn that .profile should be used.
20060903
Fun with XMMS (and friends) Tips and tricks for the unix desktop
The ssh-agent needs only be installed once – on login. Bash looks for ~/.bash_profile, ~/.bash_login or ~/.profile and uses the first one which it can access all right. Use this file.
20061006
Using ssh-agent globally for X session - openSUSE
But how do I set up ssh-agent on my server so that a password is asked during boot?
BigAdmin Feature Article: Secure Shell: Part 2
20061007
Paranoid Penguin - Managing SSH for Scripts and cron Jobs | Linux Journal
Found init.d script here: All About SSH - Part II / II. Edit script by changing /usr/bin/rm to rm. Script doesn't run after reboot?
Unofficial SUSEFAQ - Starting and Stoping Services: insserv
insserv ssh-agent
An S script is linked, but no K script?
Modified ssh-agent script:
#!/bin/sh
# startupfile for ssh-agent daemon
# Start/stop processes required for start/stop ssh-agent
# Copyright (c) 2006 Freddy Vulto
#
# created: GR 07-DEC-2001
# updated: SB 27-NOV-2001 and 13-FEB-2002
# generalised with variables at the top, comments
# updated: FVu 07-OCT-2006 To be used with SuSE 10.0
# using template of Kurt Garloff (SuSE)
#
# /etc/init.d/ssh-agent
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides: ssh-agent
# Required-Start: $time $syslog $remote_fs
# Should-Start:
# Required-Stop: $time $syslog $remote_fs
# Should-Stop:
# Default-Start: 3
# Default-Stop: 0 1 2 6
# Short-Description: Start ssh-agent
# Description: Start ssh-agent and store env to
# be used by cron.
### END INIT INFO
#
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
recipients="root"
#agent="/opt/local/bin/ssh-agent"
#agent="/opt/openssh/bin/ssh-agent"
agent="/usr/bin/ssh-agent"
trust_user="root"
agent_f="/tmp/ssh-agent.info"
case "$1" in
    'start')
        if [ -f "${agent_f}" ]; then
            echo -n "Sorry, it appears to exist an ssh-agent already running "
            echo "check ${agent_f}"
            rc_failed 1
            rc_status -v
            # Stop here instead of starting a second agent over the old info file
            rc_exit
        fi
        if [ -x "${agent}" ]; then
            echo -n "Starting secure shell agent daemon"
            # The redirection is done by the calling shell (root at boot), so
            # ${agent_f} is created by root in a world-writable directory
            su "$trust_user" -c "${agent}" > "${agent_f}"
            echo -n "You need to run ssh-add as $trust_user!" | /usr/bin/mailx -s "$(uname -n): $agent daemon restarted" $recipients
        else
            echo -n "WARNING: ${agent} daemon file not found => ssh-agent did not start"
            rc_failed 7
            rc_status -v
        fi
        ;;
    'stop')
        echo -n "Shutting down ssh agent daemon"
        if [ -f "${agent_f}" ]; then
            # Sourcing executes the file's contents in this shell, so
            # ${agent_f} must not be writable by any other user
            . "${agent_f}" > /dev/null
            "${agent}" -k > /dev/null
            rm -f "${agent_f}"
        else
            echo "could not read ${agent_f}. ssh-agent not stopped"
            rc_failed 1
            rc_status -v
        fi
        ;;
    *)
        # $0 already holds the path the script was called with
        echo -n "Usage: $0 { start | stop }"
        ;;
esac
rc_exit
20070223
What SuSE calls insserv, Debian calls update-rc.d. Modified
All init.d script:
#!/bin/sh
#
# /etc/init.d/ssh-agent
#
# startupfile for ssh-agent daemon
# Start/stop processes required for start/stop ssh-agent
#
# created: GR 07-DEC-2001
# updated: SB 27-NOV-2001 and 13-FEB-2002
# generalised with variables at the top, comments
# updated: FVu 23-FEB-2007 To be used with Debian: use 'update-rc.d' to install.
# ln -s /etc/init.d/ssh-agent /etc/rc2.d/K99ssh-agent
recipients="user"
agent="/usr/bin/ssh-agent"
trust_user="user"
agent_f="/tmp/ssh-agent.info"
case "$1" in
    'start')
        if [ -f "${agent_f}" ]; then
            echo "Sorry, it appears to exist an ssh-agent already running"
            echo "check ${agent_f}"
            exit 1
        fi
        if [ -x "${agent}" ]; then
            echo "Starting secure shell agent daemon"
            # The redirection is done by the calling shell (root at boot), so
            # ${agent_f} is created by root in a world-writable directory
            su "$trust_user" -c "${agent}" > "${agent_f}"
            echo "You need to run 'source /tmp/ssh-agent.info; ssh-add' as $trust_user!" | /usr/bin/mailx -s "$(uname -n): $agent daemon restarted" $recipients
        else
            echo "WARNING: ${agent} daemon file not found => ssh-agent did not start"
        fi
        ;;
    'stop')
        echo "Shutting down ssh agent daemon"
        if [ -f "${agent_f}" ]; then
            # Sourcing executes the file's contents in this shell, so
            # ${agent_f} must not be writable by any other user
            . "${agent_f}"
            "${agent}" -k
            /bin/rm -f "${agent_f}"
        else
            echo "could not read ${agent_f}. ssh-agent not stopped"
        fi
        ;;
    *)
        # $0 already holds the path the script was called with
        echo "Usage: $0 { start | stop }"
        ;;
esac
Copied script to /etc/init.d.
Installed script with update-rc.d ssh-agent defaults:
 Adding system startup for /etc/init.d/ssh-agent ...
   /etc/rc0.d/K20ssh-agent -> ../init.d/ssh-agent
   /etc/rc1.d/K20ssh-agent -> ../init.d/ssh-agent
   /etc/rc6.d/K20ssh-agent -> ../init.d/ssh-agent
   /etc/rc2.d/S20ssh-agent -> ../init.d/ssh-agent
   /etc/rc3.d/S20ssh-agent -> ../init.d/ssh-agent
   /etc/rc4.d/S20ssh-agent -> ../init.d/ssh-agent
   /etc/rc5.d/S20ssh-agent -> ../init.d/ssh-agent
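Both init.d scripts above read /tmp/ssh-agent.info back with ".", which runs whatever the file contains with the privileges of the caller. The following is an added example, not part of the original scripts: it parses the file instead of sourcing it and refuses it unless ownership and permissions are as expected. The name load_agent_info, its return codes and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: read a saved ssh-agent environment without sourcing it.
# load_agent_info is a hypothetical helper, not part of OpenSSH.

# load_agent_info FILE OWNER
# Exports SSH_AUTH_SOCK and SSH_AGENT_PID taken from FILE.
# Returns 1 if FILE is not a regular file owned by OWNER or is writable by
# group/others, 2 if its contents are not exactly what ssh-agent -s prints.
load_agent_info() {
    file=$1 owner=$2 sock= pid=
    # find does not follow symlinks here, so a planted link fails -type f.
    [ -n "$(find "$file" -prune -type f -user "$owner" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ] || return 1
    while IFS= read -r line; do
        case $line in
            'SSH_AUTH_SOCK='*'; export SSH_AUTH_SOCK;')
                sock=${line#SSH_AUTH_SOCK=}
                sock=${sock%'; export SSH_AUTH_SOCK;'} ;;
            'SSH_AGENT_PID='*'; export SSH_AGENT_PID;')
                pid=${line#SSH_AGENT_PID=}
                pid=${pid%'; export SSH_AGENT_PID;'} ;;
            'echo Agent pid '*';') ;;   # informational line, never executed
            *) return 2 ;;              # unexpected line: refuse the file
        esac
    done < "$file"
    # Accept only a plain absolute socket path and a decimal PID.
    case $sock in /*) ;; *) return 2 ;; esac
    case $sock in *[!A-Za-z0-9/._-]*) return 2 ;; esac
    case $pid in ''|*[!0-9]*) return 2 ;; esac
    SSH_AUTH_SOCK=$sock SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Constructed sample in the format printed by ssh-agent -s.
demo=$(mktemp) || exit 1
cat > "$demo" <<'EOF'
SSH_AUTH_SOCK=/tmp/ssh-AbCd1234/agent.4321; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4322; export SSH_AGENT_PID;
echo Agent pid 4322;
EOF
load_agent_info "$demo" "$(id -u)" && echo "agent pid: $SSH_AGENT_PID"
rm -f "$demo"
```

In the stop branch or a cron job this would replace the ". ${agent_f}" line, called as load_agent_info "${agent_f}" "$trust_user". Keeping the info file in a directory only root can write to removes the need to trust /tmp at all.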