Using ssh-agent globally for X session


Description

In environments where public-key authentication is used extensively, it's awkward to have to type your passphrase every time you connect to a service or server via ssh. ssh-agent is a service running in the background that keeps your passphrase at hand and provides it automatically, saving you the typing hassle, but only for the shell from which ssh-agent was started and its subprocesses. The following describes how to have ssh-agent running in the global scope, meaning for the entire X session, and thus for all applications that use SSH keys for authentication purposes.

This guide has been verified to work with:

$> uname -a
Linux box 2.6.13-8-smp #1 SMP Tue Sep 6 12:59:22 UTC 2005 i686 i686 i386 GNU/Linux
$> cat /etc/SuSE-release
SUSE LINUX 10.0 (i586) OSS
VERSION = 10.0

Preparation

Open a shell and make sure all relevant RPMs are installed

$> rpm -qa | grep -i ssh
openssh-askpass-version
pam_ssh-version
openssh-version

In the shell output, version is replaced by the actual RPM version number. openssh-askpass is especially important: it's a simple GUI that lets you type the passphrase.

Guide

The two files .xsession and .xinitrc need to be created and customized in order to have the SSH agent working for the X session.

.xsession file

Open a shell and copy the system default xsession script to your home directory and rename it to .xsession:

$> cp /etc/X11/xdm/sys.xsession ~/.xsession

Edit the file

$> vi ~/.xsession

It helps to activate line numbers in vi now

:set number

Look for the following lines and set these values

 9  usessh="yes"
 78 sshagent="yes"
 79 SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass"

Note that on 64-bit systems, openssh-askpass is located in /usr/lib64/ssh/x11-ssh-askpass.

Save the file and exit the editor (ESC :wq).

.xinitrc file

Open a shell and copy the template .xinitrc.template in your home directory to the regular file.

 $> cp ~/.xinitrc.template ~/.xinitrc

Edit the file

 $> vi ~/.xinitrc

Again, activate line numbers in vi

:set number

Navigate to line 105, or to wherever the commented-out ssh-add command is

 105 # ssh-add

Uncomment it, then save the file

 105 ssh-add
 ESC :wq

You're good to go! Now log out of your X session and log back in.
After a successful authentication, you should be prompted by openssh-askpass for your passphrase.

Guide (pam_ssh)

Open a shell and modify /etc/pam.d/xdm by adding the following lines:

 #%PAM-1.0
 auth     sufficient     pam_ssh.so
 auth     include        common-auth
 account  include        common-account
 password include        common-password
 session  include        common-session
 session  required       pam_ssh.so
 session  required       pam_devperm.so
 session  required       pam_resmgr.so

This will allow you to authenticate in KDM and GDM with your SSH passphrase and use it for starting the ssh-agent. No other changes are needed.
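
After logging back in with either method above, the following script checks from any terminal in the session that the agent is actually reachable and that SSH_AUTH_SOCK points at a socket you own. It is an added example, not part of the original guide; the function names are made up here, and the exit-status meanings are those documented in ssh-add(1).

```shell
#!/bin/sh
# Added example: verify that the session-wide ssh-agent is usable.
# Function names are illustrative; run from any terminal inside the X session.

# Print a verdict for the agent socket ($1, default $SSH_AUTH_SOCK).
# Returns 0 only if the path is a socket owned by the current user.
check_agent_socket() {
    sock="${1-${SSH_AUTH_SOCK-}}"
    if [ -z "$sock" ]; then
        echo "unset"; return 1          # agent was not started for this session
    fi
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"; return 1   # stale or bogus SSH_AUTH_SOCK
    fi
    # A socket owned by another user means the variable points at someone else's agent.
    if [ -z "$(find "$sock" -prune -user "$(id -u)" -print 2>/dev/null)" ]; then
        echo "foreign-owner"; return 1
    fi
    echo "ok"
}

# Map the exit status of `ssh-add -l` to a verdict (ssh-add(1), EXIT STATUS).
describe_ssh_add_status() {
    case "$1" in
        0) echo "agent reachable, keys loaded" ;;
        1) echo "agent reachable, no keys loaded" ;;   # ssh-add in .xinitrc did not run
        2) echo "agent not reachable" ;;
        *) echo "unexpected status $1" ;;
    esac
}

# Full check: socket sanity first, then ask the agent to list its keys.
check_session_agent() {
    verdict=$(check_agent_socket) || { echo "socket: $verdict"; return 1; }
    ssh-add -l >/dev/null 2>&1
    rc=$?
    describe_ssh_add_status "$rc"
    [ "$rc" -eq 0 ]
}

check_session_agent || echo "session agent check failed" >&2
```

If the result is "agent reachable, no keys loaded", the agent was started by .xsession (or pam_ssh) but no key was added to it.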