Re: [vox-tech] ssh-agent help
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] ssh-agent help
On Thu, Oct 23, 2003 at 07:05:44AM -0700, p@dirac.org wrote:
> trying to understand ssh-agent...
>
> my understanding is that for ssh-agent to be useful, the process needs
> to be an ancestor of all your login (vc) and non-login (xterm) shells.
It doesn't need to be the ancestor of your shells - it needs to have
certain environment variables in the shells so that whenever you
randomly call ssh, ssh can use those environment variables to find out
how to talk to ssh-agent.
> where should it be run from?
As a result, a good place to start it from is .login (.profile for you
bash guys) and from .xsession, if that's not running .login or .profile
first (this assumes you use .xsession).
> login shells source /etc/profile, so when i log into a virtual console
> and type "startx", it should be an ancestor of all my xterms.
>
> but in my /etc/bash.bashrc, i source /etc/profile. will that cause
> problems with ssh-agent running separately for each xterm i create?
>
Even as I described, there is still a problem with this, and that is
that every virtual console you log into (and I frequently log into three
or four at a time) will have its own copy of ssh-agent running. The
keychain package (apt-get install keychain) includes a utility that can
ensure that a user only has one ssh-agent running. Instead of running
ssh-agent in your .login, .profile, and .xsession, run the following two
lines (for tcsh) in those files.
keychain -q ${HOME}/.ssh/id_rsa ${HOME}/.ssh/id_dsa >& /dev/null
source $HOME/.keychain/*-csh
--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG, *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***
Attachment:
signature.asc
Description: Digital signature
|
