Using ssh-agent globally for X session
In environments where public-key authentication is used extensively, it's awkward to have to type your passphrase every time you connect to a service or server via ssh. ssh-agent is a service running in the background that keeps your passphrase at hand and provides it automatically, saving you the typing hassle - but only for the shell from which ssh-agent was started and its subprocesses. The following describes how to have ssh-agent running in the global scope, meaning for the entire Xsession - and thus for all applications that use SSH keys for authentication purposes.
This guide is verified to be working with
$> uname -a
Linux box 2.6.13-8-smp #1 SMP Tue Sep 6 12:59:22 UTC 2005 i686 i686 i386 GNU/Linux
$> cat /etc/SuSE-release
SUSE LINUX 10.0 (i586) OSS
VERSION = 10.0
Open a shell and make sure all relevant RPMs are installed
$> rpm -qa | grep -i ssh
openssh-askpass-version
pam_ssh-version
openssh-version
In the shell output, version is replaced by the actual RPM version number. openssh-askpass is especially important - it's a simple GUI that lets you type the passphrase.
The two files .xsession and .xinitrc need to be created and customized in order to have the SSH agent working for the X session.
Open a shell and copy the system default xsession script to your home directory and rename it to .xsession:
$> cp /etc/X11/xdm/sys.xsession ~/.xsession
Edit the file
$> vi ~/.xsession
It helps to turn on line numbers in vi at this point
Look for the following lines and set these values
9 usessh="yes"
78 sshagent="yes"
79 SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass"
Note that on 64-bit systems, openssh-askpass is located in /usr/lib64/ssh/x11-ssh-askpass
Save the file and exit the editor (ESC :wq).
Open a shell and copy the template .xinitrc.template in your home directory to the regular file.
$> cp ~/.xinitrc.template ~/.xinitrc
Edit the file
$> vi ~/.xinitrc
Again, activate line numbers in vi
Navigate to line 105, or to wherever the commented-out ssh-add command is in your copy
105 # ssh-add
Uncomment that line, then save the file
105 ssh-add
ESC :wq
You're good to go! Now log out of your Xsession and log back in.
After a successful authentication, you should be prompted by openssh-askpass for your passphrase.
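To confirm after logging back in that the agent is visible to the whole session and not just to one shell, a check like the following can be run from any terminal or program started inside the X session. It is an added example, not part of the original guide; the function name agent_status and its status words are made up here.

```shell
#!/bin/sh
# Added example: report whether the ssh-agent started by ~/.xsession is
# reachable from this process and whether it holds any keys.
# Documented exit codes of `ssh-add -l`: 0 = identities listed,
# 1 = agent reachable but empty, 2 = agent cannot be contacted.

agent_status() {
    sock="${SSH_AUTH_SOCK:-}"
    if [ -z "$sock" ]; then
        echo "no-env"            # variable was not exported to this process
        return 3
    fi
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"      # stale value, e.g. left over from an old session
        return 4
    fi
    if [ ! -O "$sock" ]; then
        echo "foreign-socket"    # socket is owned by a different user
        return 5
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "no-ssh-add"        # openssh client tools are not installed
        return 6
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "keys-loaded" ;;        # passphrase was entered, keys usable
        1) echo "agent-empty" ;;        # agent runs, but ssh-add was never run
        *) echo "agent-unreachable"; rc=2 ;;
    esac
    return "$rc"
}

# Print the status for the current process; never abort the calling script.
agent_status || true
```

"keys-loaded" in a terminal and in a program launched from the desktop menu means the agent is shared session-wide; "agent-empty" points at the ssh-add line in ~/.xinitrc still being commented out.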
Open a shell and modify /etc/pam.d/xdm by adding the following lines:
#%PAM-1.0
auth     sufficient  pam_ssh.so
auth     include     common-auth
account  include     common-account
password include     common-password
session  include     common-session
session  required    pam_ssh.so
session  required    pam_devperm.so
session  required    pam_resmgr.so
This will allow you to authenticate in KDM and GDM with your SSH passphrase and use it for starting the ssh-agent. No other changes are needed.