X oturumları için ssh-agent kullanımı

Şuraya atla: kullan, ara


In environments where public-key authentication is used extensively, it's awkward to have to type your passphrase every time you connect to a service oder server via ssh. ssh-agent is a service running in the background that keeps your passphrase at hand and provides it automatically, saving you the typing hassle - but only for the shell and its subprocesses ssh-agent was started from. The below describes how to have ssh-agent running in the global scope, meaning for the entire Xsession - and thus for all applications that use SSH keys for authentication purposes.

This guide is verified to be working with

$> uname -a
Linux box 2.6.13-8-smp #1 SMP Tue Sep 6 12:59:22 UTC 2005 i686 i686 i386 GNU/Linux
$> cat /etc/SuSE-release
SUSE LINUX 10.0 (i586) OSS
VERSION = 10.0


Open a shell and make sure all relevant RPMs are installed

$> rpm -qa | grep -i ssh

version here is substitued in the shell ouptut by the actual RPM version number. Especially openssh-askpass is important - it's a simple GUI that let's you type the passphrase.


The two files .xsession and .xinitrc need to be created and customized in order to have the SSH agent working for the X session.

.xsession file

Open a shell and copy the system default xsession script to your home directory and rename it to .xsession:

$> cp /etc/X11/xdm/sys.xsession ~/.xsession

Edit the file

$> vi ~/.xsession

It helps to now activate line numbers in vi

:set number

Look for the following lines and set these values

 9  usessh="yes"
 78 sshagent="yes"
 79 SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass"

Note that on 64bit Systems, openssh-askpass is located in /usr/lib64/ssh/x11-ssh-askpass
Save the file and exit the editor (ESC :wq).

.xinitrc file

Open a shell and copy the template .xinitrc.template in your home directory to the regular file.

 $> cp ~/.xinitrc.template ~/.xinitrc

Edit the file

 $> vi ~/.xinitrc

Again, activate line numbers in vi

:set number

Navigate to line 105 or to the commented-out ssh-add command respectively

 105 # ssh-add

Comment that in, then save the file

 105 ssh-add
 ESC :wq

You're good to go! Now log out of your Xsession and log back in.
After a successful authentication, you should be prompted by openssh-askpass for your passphrase.

Guide (pam_ssh)

Open a shell and modify /etc/pam.d/xdm by adding the following lines:

 auth     sufficient     pam_ssh.so
 auth     include        common-auth
 account  include        common-account
 password include        common-password
 session  include        common-session
 session  required       pam_ssh.so
 session  required       pam_devperm.so
 session  required       pam_resmgr.so

This will allow you to authenticate in KDM and GDM with your SSH passphrase and use it for starting the ssh-agent. No other changes are needed.