Using ssh-agent for X sessions
Description
In environments where public-key authentication is used extensively, it's awkward to have to type your passphrase every time you connect to a service or server via ssh. ssh-agent is a service running in the background that keeps your passphrase at hand and provides it automatically, saving you the typing hassle - but only for the shell ssh-agent was started from and its subprocesses. The following describes how to have ssh-agent running in the global scope, meaning for the entire X session - and thus for all applications that use SSH keys for authentication purposes.
This guide is verified to be working with
$> uname -a
Linux box 2.6.13-8-smp #1 SMP Tue Sep 6 12:59:22 UTC 2005 i686 i686 i386 GNU/Linux
$> cat /etc/SuSE-release
SUSE LINUX 10.0 (i586) OSS
VERSION = 10.0
Preparation
Open a shell and make sure all relevant RPMs are installed
$> rpm -qa | grep -i ssh
openssh-askpass-version
pam_ssh-version
openssh-version
version here is substituted in the shell output by the actual RPM version number. openssh-askpass is especially important: it's a simple GUI that lets you type the passphrase.
Guide
The two files .xsession and .xinitrc need to be created and customized in order to have the SSH agent working for the X session.
.xsession file
Open a shell and copy the system default xsession script to your home directory and rename it to .xsession:
$> cp /etc/X11/xdm/sys.xsession ~/.xsession
Edit the file
$> vi ~/.xsession
It helps to activate line numbers in vi now
:set number
Look for the following lines and set these values
 9 usessh="yes"
78 sshagent="yes"
79 SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass"
Note that on 64-bit systems, openssh-askpass is located in /usr/lib64/ssh/x11-ssh-askpass
Save the file and exit the editor (ESC :wq).
.xinitrc file
Open a shell and copy the template .xinitrc.template in your home directory to the regular file.
$> cp ~/.xinitrc.template ~/.xinitrc
Edit the file
$> vi ~/.xinitrc
Again, activate line numbers in vi
:set number
Navigate to line 105, or to wherever the commented-out ssh-add command is in your copy
105 # ssh-add
Uncomment that line, then save the file
105 ssh-add
ESC :wq
You're good to go! Now log out of your X session and log back in.
After a successful authentication, you should be prompted by openssh-askpass for your passphrase.
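The following script is an added example, not part of the original guide: it checks that the two files carry the settings described above before you log out. The function names are hypothetical, and it assumes the settings appear as plain uncommented assignments, as shown in this guide.

```shell
#!/bin/bash
# Added example (not from the original guide).
# Usage: check_agent_setup ~/.xsession ~/.xinitrc

# Print the value of the last uncommented assignment to variable $1 in file $2.
get_setting() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$2" | tail -n 1
}

# Return 0 if both files are set up as the guide describes, 1 otherwise.
# Every problem found is printed, so one run shows all remaining edits.
check_agent_setup() {
    xsession=$1 xinitrc=$2 rc=0
    for f in "$xsession" "$xinitrc"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }
    done

    # Both switches in .xsession must be set to "yes".
    for var in usessh sshagent; do
        [ "$(get_setting "$var" "$xsession")" = "yes" ] ||
            { echo "$xsession: $var is not \"yes\""; rc=1; }
    done

    # SSH_ASKPASS must point at an installed helper:
    # /usr/lib/ssh/... on 32-bit, /usr/lib64/ssh/... on 64-bit systems.
    askpass=$(get_setting SSH_ASKPASS "$xsession")
    [ -n "$askpass" ] && [ -x "$askpass" ] ||
        { echo "$xsession: SSH_ASKPASS '$askpass' is not an executable file"; rc=1; }

    # .xinitrc needs an uncommented ssh-add line.
    grep -Eq '^[[:space:]]*ssh-add([[:space:]]|$)' "$xinitrc" ||
        { echo "$xinitrc: ssh-add is still commented out"; rc=1; }

    return $rc
}
```

After logging back in and entering the passphrase, ssh-add -l in any terminal of the X session should list your key.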
Guide (pam_ssh)
Open a shell and modify /etc/pam.d/xdm by adding the following lines:
#%PAM-1.0
auth     sufficient  pam_ssh.so
auth     include     common-auth
account  include     common-account
password include     common-password
session  include     common-session
session  required    pam_ssh.so
session  required    pam_devperm.so
session  required    pam_resmgr.so
This will allow you to authenticate in KDM and GDM with your SSH passphrase and use it for starting the ssh-agent. No other changes are needed.