
#1 2011-12-16 15:30:51

battlepanic
Member
Registered: 2009-08-22
Posts: 76

Using ssh-agent without having to enter my passphrase

Is there a way to set up ssh-agent such that I never have to enter my private key's passphrase when logging in to the local system?  I don't like the idea of having to enter two passwords on login.  Since I just authenticated myself to the system on login, can't the system somehow forward these credentials to ssh-agent?

I have tried the 'keychain' package, but I am still required to enter my passphrase at least once on a fresh boot.

Also, I would want any solution to work at the tty login prompt since I don't have anything like Gnome or KDE installed.

Last edited by battlepanic (2011-12-17 16:28:55)


#2 2011-12-16 15:44:54

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237
Website

Re: Using ssh-agent without having to enter my passphrase


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com


#3 2011-12-16 16:03:39

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,600
Website

Re: Using ssh-agent without having to enter my passphrase

@op - I do just this under xfce4.  What greeter are you using?

https://bbs.archlinux.org/viewtopic.php?id=124378


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packages  • Zsh and other configs


#4 2011-12-17 16:28:39

battlepanic
Member
Registered: 2009-08-22
Posts: 76

Re: Using ssh-agent without having to enter my passphrase

Stebalien,

I just came across pam_ssh as well.  This looks like it could be just the sort of thing I had in mind.  Unfortunately, the project doesn't appear to be very active, with updates only coming every couple of years.  I played around with it and got a working configuration but I've noticed a few limitations so far:

  • The newer ecdsa (elliptic curve) ssh keys do not appear to be supported.  If you are using such a key, pam_ssh won't work, as far as I can tell.  There is no mention of this in the pam_ssh man page, so beware.

  • The ssh-agent spawned by pam_ssh does not persist between user logins.  If you like to keep a gnu screen session active between logins you are going to run into problems.  The gnu screen environment and those of its children will reference the instance of ssh-agent which exists when gnu screen is invoked but this instance will eventually be killed on logout.  When you log back in and reattach to your screen session, you'll notice that it can no longer find ssh-agent.  The keychain script avoids this problem by keeping the ssh-agent process alive between logins.

Last edited by battlepanic (2011-12-17 17:43:15)
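
The stale-agent problem in the second limitation above can be worked around by giving long-lived sessions a fixed socket path that is re-pointed at each login. This is an added example, not part of the original posts or of pam_ssh; the link path ~/.ssh/agent.sock and the function names are assumptions, and it assumes the login session has SSH_AUTH_SOCK set for the newly started agent.

```shell
# Added example (not from the thread). AGENT_LINK is an assumed path; any
# location inside a directory only the user can write to will do.
AGENT_LINK="${AGENT_LINK:-$HOME/.ssh/agent.sock}"

# True if $1 is a UNIX socket owned by the current user.
sock_usable() {
    [ -n "$1" ] && [ -S "$1" ] && [ -O "$1" ]
}

# Point $AGENT_LINK at this login's agent socket and export the stable path.
# Returns 1, changing nothing, when no usable agent socket is available.
use_stable_agent_sock() {
    # Already on the stable path (e.g. a shell inside screen): keep it and
    # never create a symlink that points at itself.
    if [ "${SSH_AUTH_SOCK:-}" = "$AGENT_LINK" ]; then
        sock_usable "$AGENT_LINK"
        return
    fi
    # Ignore unset, stale or foreign sockets instead of linking to them.
    sock_usable "${SSH_AUTH_SOCK:-}" || return 1
    # Create the directory with 0700 so nobody else can swap the link.
    ( umask 077 && mkdir -p "$(dirname "$AGENT_LINK")" ) || return 1
    ln -sfn "$SSH_AUTH_SOCK" "$AGENT_LINK" || return 1
    SSH_AUTH_SOCK=$AGENT_LINK
    export SSH_AUTH_SOCK
}

# Call use_stable_agent_sock at the end of ~/.profile, before starting screen.
```

Shells started inside screen after this runs inherit the fixed path, so reattaching after a new login reaches the new agent through the refreshed link.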


#5 2011-12-17 16:38:18

battlepanic
Member
Registered: 2009-08-22
Posts: 76

Re: Using ssh-agent without having to enter my passphrase

graysky wrote:

@op - I do just this under xfce4.  What greeter are you using?

I simply enter my username and password via login at the tty.  Login belongs to the shadow package.

