You are not logged in.

#1 2011-05-11 12:40:23

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

[WORKED AROUND] ssh-agent not working after changing to Xfce

So I've recently changed to Xfce, which has buggered up my ssh-agent. I used to use gnome-keyring (aka "Seahorse").

Ideally I would like to keep using that, but I'd be happy for anything that WORKS (ie, remembers my keys so I don't have to constantly enter my (long) passphrase).

My keys all exist and are in the ssh-agent:

 $ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAss......stR/9v/HwNzw== /home/fukawi2//.ssh/ssh-key.archserver
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvu......DZBimZc0orJQ== /home/fukawi2//.ssh/ssh-key.falconn
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ......YTQkT3 /home/fukawi2//.ssh/ssh-key.nato
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv/......4n52VCIl23fg6Q== /home/fukawi2//.ssh/ssh-key.nwb
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxU......rHyqQB3Ypu31Er2w== /home/fukawi2//.ssh/ssh-key.personal

My config specifies the correct key to use:

$ fgrep -A4 fw1 .ssh/config 
Host fw1 fw1.<redacted>
    hostname fw1.<redacted>
    user <redacted>
    IdentityFile ~/.ssh/ssh-key.nato
    port <redacted>

I'm not sure if these are correct, but they seem to be:

/home/fukawi2 $ env | grep SSH
SSH_AGENT_PID=13034
SSH_AUTH_SOCK=/tmp/ssh-azEooja13033/agent.13033
SSH_ASKPASS=/usr/bin/ksshaskpass

And yet I'm constantly being asked for my passphrase.....

$ ssh fw1
Enter passphrase for key '/home/fukawi2/.ssh/ssh-key.nato': 

Last edited by fukawi2 (2011-05-12 09:07:04)

Offline

#2 2011-05-11 20:11:30

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542
Website

Re: [WORKED AROUND] ssh-agent not working after changing to Xfce

Well, you've certainly got more experience than I, but here's some idiot checks I could come up with:
1. There was a recent (2011/5/10) change to openssh. Do all your keys not work? Logging in to an Arch server that hasn't had sshd restarted since the update?
2. Permissions correct on keys (maybe inadvertant change? Reverted to a different version of your key with the same name?
3. I use keychain started like this from my .bashrc (I login via startx/xinitrc, no login manager):

type -P keychain &>/dev/null || { echo "I require keychain but it's not installed.  Aborting." >&2; }
eval `keychain -q --eval --agents ssh id_rsa logo_rsa web_rsa`

4. I don't have the SSH_ASKPASS variable in my env

Hope that helps...if not you then someone else! smile

Scott

Offline

#3 2011-05-12 09:06:19

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: [WORKED AROUND] ssh-agent not working after changing to Xfce

OK, solution (kind of) found... Apparently keys must be named id_rsa*

Using names that make sense doesn't work. I've found this before, but got around it by symlinking a friendly name:

$ ll .ssh/ssh-key.*
lrwxrwxrwx 1 fukawi2 fukawi2 6 May  8 13:18 .ssh/ssh-key.archserver -> id_rsa
lrwxrwxrwx 1 fukawi2 fukawi2 8 May  8 13:17 .ssh/ssh-key.falconn -> id_rsa.3
lrwxrwxrwx 1 fukawi2 fukawi2 8 May  8 13:18 .ssh/ssh-key.nato -> id_rsa.4
lrwxrwxrwx 1 fukawi2 fukawi2 8 May  8 13:18 .ssh/ssh-key.nwb -> id_rsa.1
lrwxrwxrwx 1 fukawi2 fukawi2 8 May  8 13:19 .ssh/ssh-key.personal -> id_rsa.2

Apparently now that isn't allowed anymore; changing my config file to use the id_rsa file explicitly works:

$ fgrep -A5 fw1 .ssh/config 
Host fw1 fw1.<redacted>
    hostname fw1.<redacted>
    user <redacted>
    #IdentityFile ~/.ssh/ssh-key.nato
    IdentityFile ~/.ssh/id_rsa.4
    port <redacted>

/home/fukawi2 $ ssh fw1
Last login: Thu May 12 19:02:11 2011 from <redacted>
INFO: Setting proxy to http://proxy.<redacted>:3128
INFO: Loaded Local file: '/etc/bashrc'
fw1 ~ $ 

Last edited by fukawi2 (2011-05-12 09:07:32)

Offline

#4 2011-05-12 13:51:13

thayer
Fellow
From: Vancouver, BC
Registered: 2007-05-20
Posts: 1,560
Website

Re: [WORKED AROUND] ssh-agent not working after changing to Xfce

Keychain is the easiest "one password prompt per session" solution. My ~/.bash_profile includes:

# start keychain, feed it keys and source the results
/usr/bin/keychain -Q -q ~/.ssh/id_rsa < /dev/null
[ -f $HOME/.keychain/$HOSTNAME-sh ] && source $HOME/.keychain/$HOSTNAME-sh

SSH_ASKPASS specifies which GUI tool to run when a passphrase is required; popular choices include x11-ssh-askpass and gtk-led-askpass.

Last edited by thayer (2011-05-12 13:55:09)


thayer williams ~ cinderwick.ca

Offline

#5 2011-05-12 14:26:09

o1911
Member
From: Hobart, Australia
Registered: 2009-04-28
Posts: 106

Re: [WORKED AROUND] ssh-agent not working after changing to Xfce

thayer, thank you so much for that post; keychain works like a dream in kde combined with openssh-askpass.


Arch x86_64

Offline

#6 2011-05-12 17:49:34

thayer
Fellow
From: Vancouver, BC
Registered: 2007-05-20
Posts: 1,560
Website

Re: [WORKED AROUND] ssh-agent not working after changing to Xfce

o1911 wrote:

thayer, thank you so much for that post; keychain works like a dream in kde combined with openssh-askpass.

You're very welcome, glad it did the trick!


thayer williams ~ cinderwick.ca

Offline

Board footer

Powered by FluxBB