how to make it so much easier
Authored by: theegor on Dec 04, '02 11:14:19AM

All of these solutions are overkill. ssh-agent already offers a fine solution. I run the following script in my .bash_profile:

    # Start an ssh-agent for global use (and detect agent-forwarding).
    if [ -z "$SSH_AUTH_SOCK" -o ! -p "$SSH_AUTH_SOCK" ] ; then
        export SSH_AUTH_SOCK=/tmp/ssh-yoda-agent
        if [ ! -p "$SSH_AUTH_SOCK" ] ; then
            ssh-agent -a $SSH_AUTH_SOCK
        fi
    fi

The first time you open a terminal, or log in via ssh, the agent will start (unless it detects agent forwarding). All of your ssh clients will automatically use the same agent unix-domain bind address. Thus it is global throughout the system for your user account. No need to worry about race conditions either ... ssh-agent avoids them.

If you use Aqua apps which need environment variables for ssh, then set them in ~/.MacOSX/environment.plist like so:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>CVS_RSH</key>
        <string>/usr/bin/ssh</string>
        <key>SSH_AUTH_SOCK</key>
        <string>/tmp/ssh-yoda-agent</string>
    </dict>
    </plist>

Re-login to cause Aqua to recognize the new environment variables.

You don't need a program to run at login time to dynamically set SSH_AUTH_SOCK, since my solution always uses the same filename for SSH_AUTH_SOCK.

Notice how simple this is? Read the ssh-agent man page if you don't agree ...



how to make it so much easier AND SECURE :)
Authored by: fredcondo on Jan 25, '03 05:29:42PM

The method above is great, except that it probably creates the socket with 755 permissions. The pipe should be readable only by you. I use this script to implement your suggestion. I know it seems a little fancy; I got the basic idea from a hint somewhere, and was already using the script. When I made the path of the socket file invariant, I also added the three umask commands to protect the socket from prying eyes.

    #!/bin/sh -
    # checks for running ssh-agent, and starts one if not running

    SSH_ENV=$HOME/.ssh/environment.setup
    PIPE=some_made_up_string

    # Portable function syntax: the "function" keyword is not POSIX sh.
    start_agent() {
        echo -n "Initializing new ssh-agent ... "
        touch "${SSH_ENV}"
        # Save the agent's variable assignments, then load them.
        ssh-agent -a "/tmp/$PIPE" > "${SSH_ENV}"
        . "${SSH_ENV}" > /dev/null

        ssh-add "$HOME/.ssh/id_rsa" "$HOME/.ssh/id_dsa" && \
            ssh-add -l
    }

    # Restrict new files (environment file, socket) to the owner.
    OUMASK=`umask`
    umask 077
    if [ -f "${SSH_ENV}" ]; then
        . "${SSH_ENV}" > /dev/null
        # Is the recorded agent process still running?
        ps ${SSH_AGENT_PID} | grep "ssh-agent" > /dev/null 2>&1

        if [ $? -ne 0 ]; then
            start_agent
        fi
    else
        start_agent
    fi
    umask $OUMASK



how to make it so much easier
Authored by: thvv on Dec 24, '03 09:25:14AM

The hint as posted did not work for me on Panther. Three things were missing: backticks around the ssh-agent, -s on the ssh-agent, and -S instead of -p in the tests.


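    # Start an ssh-agent for global use (and detect agent-forwarding).
    if [ -z "$SSH_AUTH_SOCK" -o ! -S "$SSH_AUTH_SOCK" ] ; then
        export SSH_AUTH_SOCK=/tmp/ssh-yoda-agent
        if [ ! -S "$SSH_AUTH_SOCK" ] ; then
            # eval applies the variable assignments that ssh-agent -s prints;
            # bare backticks would try to run that output as a command name.
            eval `ssh-agent -a "$SSH_AUTH_SOCK" -s` > /dev/null
        fi
    fi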


[ Reply to This | # ]
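
A variant that combines the points raised in the comments above (fixed socket path, restrictive umask, `-S` test, `-s` output applied with `eval`), as an added example that is not part of any poster's comment. It assumes a socket at `$HOME/.ssh/agent/sock` instead of `/tmp`; that path and the function names `agent_sock_ok` and `ensure_agent` are illustrative choices made here.

```shell
#!/bin/sh
# Added example. Assumption: the agent socket lives in a private per-user
# directory ($HOME/.ssh/agent/sock) rather than at a fixed name in /tmp.

# agent_sock_ok PATH: succeed only if PATH is a socket we own with no
# group/other access, inside a directory that is ours and equally private.
agent_sock_ok() {
    sock=$1
    dir=$(dirname "$sock")
    [ -S "$sock" ] && [ -O "$sock" ] || return 1
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ -O "$dir" ] || return 1
    # Some systems ignore the mode of the socket file itself, so the
    # directory mode is what reliably keeps other local users out.
    case $(ls -ld "$dir" | cut -c1-10) in
        d???------) ;;
        *) return 1 ;;
    esac
    case $(ls -ld "$sock" | cut -c1-10) in
        s???------) ;;
        *) return 1 ;;
    esac
}

# ensure_agent [PATH]: reuse a trusted, live socket or start a new agent.
ensure_agent() {
    sock=${1:-$HOME/.ssh/agent/sock}
    if agent_sock_ok "$sock"; then
        # ssh-add exits with status 2 when it cannot contact the agent.
        SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1
        if [ $? -ne 2 ]; then
            export SSH_AUTH_SOCK="$sock"
            return 0
        fi
    fi
    old_umask=$(umask)
    umask 077                      # new directory and socket: owner only
    mkdir -p "$(dirname "$sock")" || { umask "$old_umask"; return 1; }
    rm -f "$sock"                  # stale socket left by a dead agent
    eval "$(ssh-agent -s -a "$sock")" >/dev/null
    umask "$old_umask"
    agent_sock_ok "$sock"          # fail closed if the result is not private
}
```

Calling `ensure_agent` from `.bash_profile` gives the same one-agent-per-account behaviour as the scripts above; if the directory already exists with looser permissions the function returns non-zero rather than trusting the socket.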