I'm trying to learn the use of ssh-agent. Why don't the environment vars SSH_AGENT_PID, SSH_AUTH_SOCK get set?

I run ssh-agent and get:

    ashley@myhost:~ > ssh-agent
    SSH_AUTH_SOCK=/tmp/ssh-XXap8e9I/agent.27104; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=27105; export SSH_AGENT_PID;
    echo Agent pid 27105;

I check the pid:

    ashley@myhost:~ > ps aux
    .
    .
    ashley 27105 0.0 0.0 1628 636 ? S 10:56 0:00 ssh-agent
    ashley 27106 0.0 0.0 2420 724 pts/2 R 10:57 0:00 ps aux

But the environment vars are not available:

    ashley@myhost:~ > echo $SSH_AGENT_PID

    ashley@myhost:~ > ssh-agent -k
    SSH_AGENT_PID not set, cannot kill agent

If I set them by hand all is well:

    ashley@myhost:~ > SSH_AGENT_PID=27105
    ashley@myhost:~ > export $SSH_AGENT_PID
    ashley@myhost:~ > echo $SSH_AGENT_PID
    27105
    ashley@myhost:~ > ssh-agent -k
    unset SSH_AUTH_SOCK;
    unset SSH_AGENT_PID;
    echo Agent pid 27105 killed;

If I select the output of ssh-agent with the mouse and execute it, everything is fine. How can I get ssh-agent to do this by itself? I tried this:

    ashley@myhost:~ > ssh-agent |bash -x
    + SSH_AUTH_SOCK=/tmp/ssh-XXAv2eMv/agent.27247
    + export SSH_AUTH_SOCK
    + SSH_AGENT_PID=27249
    + export SSH_AGENT_PID
    + echo Agent pid 27249
    Agent pid 27249
    ashley@myhost:~ > echo $SSH_AGENT_PID

    ashley@myhost:~ >

Oh, well. I'm obviously missing something. It seems to me that a 558 page O'Reilly book may be overkill, but the manpages alone aren't enough for some of us slow ones.

--
-ashley

One of these days I'm going to completely organize my life.
I found this out a while ago and came up with a small fix. If you run the following:

    ssh-agent > $HOME/.agent-tmp
    source $HOME/.agent-tmp
    rm $HOME/.agent-tmp

Then this will correctly set the variables. However, this probably isn't the best solution, but it works, in either starting ssh-agent in X or in a console login.

--
Phillip Beal
Electrical and Computer Engineering
pdbeal@louisville.edu
http://www.bealz.net/
Hello,

On Fri, Apr 13, 2001 at 08:55:01PM -0400, Phillip D. Beal wrote:
> I found this out a while ago and came up with a small fix. If you run the following: (...)

Do not guess, read the documentation. It is right there at the beginning of the man-page:

    SSH-AGENT(1)                    SSH                    SSH-AGENT(1)

    NAME
        ssh-agent - authentication agent

    SYNOPSIS
        ssh-agent command

        eval `ssh-agent [-k] [-s] [-c]`

    DESCRIPTION
        Ssh-agent is a program to hold authentication private keys.
        The idea is that ssh-agent is started in the beginning of an
        X-session or a login session, and all other windows or programs
        are started as children of the ssh-agent program (the command
        normally starts X or is the user shell). Programs started under
        the agent inherit a
    (...)

HTH

Johannes
We have different man pages. I'm running openssh 2.3.0p1 that ships with SuSE 7.1. My man page looks like this:

    SSH-AGENT(1)        System Reference Manual        SSH-AGENT(1)

    NAME
        ssh-agent - authentication agent

    SYNOPSIS
        ssh-agent [-c | -s] [-k] [command [args ...]]

I am still culpable of lameness, however. For later it says:

    There are two main ways to get an agent setup: Either you let the
    agent start a new subcommand into which some environment variables
    are exported, or you let the agent print the needed shell commands
    (either sh(1)
    or csh(1) syntax can be generated) which can be evalled in the calling
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    shell. Later ssh(1) look at these variables and use them to establish
    a connection to the agent.

'Evalled' to my ears sounds like the name of a kingdom from a Swords and Sorcery novel. What is so blasphemous about including a few usage examples in man pages?

On Sat, Apr 14, 2001 at 10:49:49AM +0200, Johannes Geiger wrote:
> Hello,
>
> On Fri, Apr 13, 2001 at 08:55:01PM -0400, Phillip D. Beal wrote:
> > I found this out a while ago and came up with a small fix. If you run the following: (...)
>
> Do not guess, read the documentation. It is right there at the beginning of the man-page:
>
>     SSH-AGENT(1)                    SSH                    SSH-AGENT(1)
>
>     NAME
>         ssh-agent - authentication agent
>
>     SYNOPSIS
>         ssh-agent command
>
>         eval `ssh-agent [-k] [-s] [-c]`
>
>     DESCRIPTION
>         Ssh-agent is a program to hold authentication private keys.
>         The idea is that ssh-agent is started in the beginning of an
>         X-session or a login session, and all other windows or programs
>         are started as children of the ssh-agent program (the command
>         normally starts X or is the user shell). Programs started under
>         the agent inherit a
>     (...)
>
> HTH
>
> Johannes
--
-ashley

One of these days I'm going to completely organize my life.
[ getting slightly OT for -security ]

On Sat, Apr 14, 2001 at 01:36 -0700, Ashley wrote:
> [ ... OpenSSH 2.3 manpage snippet ... ]
>
> 'Evalled' to my ears sounds like the name of a kingdom from a Swords and Sorcery novel. What is so blasphemous about including a few usage examples in man pages?

It looks like you have some kind of clearly identified what's missing and - now that you have seen some solutions - know best what helpful examples could look like. Now I suggest you take the manpage, improve it and feed back _your_ contribution to the project. This way in future all users with the same problem can benefit from the time you've spent on solving your situation. :>

virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
On Fri, 13 Apr 2001, Ashley wrote:
> I run ssh-agent and get:
>
>     ashley@myhost:~ > ssh-agent
>     SSH_AUTH_SOCK=/tmp/ssh-XXap8e9I/agent.27104; export SSH_AUTH_SOCK;
>     SSH_AGENT_PID=27105; export SSH_AGENT_PID;
>     echo Agent pid 27105;

Hello Ashley,

I don't know about ssh-agent, but perhaps "eval `ssh-agent`" is, what you want.

Cheers, Peter

--
Peter Münster
http://notrix.net/pm-vcard
On Fri, Apr 13, 2001 at 08:47 -0700, Ashley wrote:
> I'm trying to learn the use of ssh-agent. Why don't the environment vars SSH_AGENT_PID, SSH_AUTH_SOCK get set?

You might use ssh-agent(1) in a way it wasn't designed for. Read the manpage once more and look at the "command" discussion.

----- from the OpenSSH 2.3.0 manpage ----------------------------
[ ... ]
SYNOPSIS
     ssh-agent [-c | -s] [-k] [command [args ...]]

DESCRIPTION
[ ... ]
     If a commandline is given, this is executed as a subprocess of the
     agent. When the command dies, so does the agent.
[ ... ]
     There are two main ways to get an agent setup: Either you let the
     agent start a new subcommand into which some environment variables
     are exported, or you let the agent print the needed shell commands
     (either sh(1) or csh(1) syntax can be generated) which can be
     evalled in the calling shell. Later ssh(1) look at these variables
     and use them to establish a connection to the agent.
[ ... ]
-----------------------------------------------------------------

IIUC you're supposed to fork off your "regular working session" from the agent, because it hands the essential data to all of its children easily. Everything else (grabbing the socket as superuser or doing so as another instance of the same user -- that's basically what you are trying to do) is a hack. You see that you had to "eval" the output somewhere else (and thus transport the info there by some means).

"ssh-agent $SHELL" might help you. Or "ssh-agent $HOW_I_START_X" or something. Wherever it's convenient for you to invoke the agent and whatever is your regular environment your sessions run in.

"eval `ssh-agent`" might work, too (you see how it's similar to the resize(1) command?). But then you have to explicitly kill it later plus remove the administrative info (like "eval `ssh-agent -k`"). Why not just start working and have it die when you're done?

virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
On Friday, April 13, 2001 08:47:25 AM -0700 Ashley <ashleyg@dnai.com> wrote:
+------
|
| I'm trying to learn the use of ssh-agent. Why don't the environment vars
| SSH_AGENT_PID, SSH_AUTH_SOCK get set?

I removed most of the text because I didn't think it relevant. No process can change the environment of another process (I know that this isn't true but it is nearly true) so you need to:

    eval `ssh-agent`

if you want to set the environment of the current shell.

However as you are posting to a SuSE list I presume that you are running SuSE and that you are using ?dm to login. In the default .xsession there is a variable called usessh and if it is set to yes then ssh-agent is run for you provided that you have a .xinitrc which is also the default.

/Michael
--
This space intentionally left non-blank.
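An added example, not part of any message in this thread: it replays the four attempts discussed above (plain run, pipe into another shell, eval, temp file plus source) and reports which ones leave the agent variables in the calling shell. `fake_agent` is a constructed stand-in that prints the same lines as the transcript so the script runs without an agent; the function names are made up for this example.

```shell
#!/bin/sh
# Constructed stand-in for ssh-agent: prints the Bourne-shell commands seen in
# the thread's transcript. On a real host the equivalent is `ssh-agent -s`.
fake_agent() {
    echo 'SSH_AUTH_SOCK=/tmp/ssh-XXap8e9I/agent.27104; export SSH_AUTH_SOCK;'
    echo 'SSH_AGENT_PID=27105; export SSH_AGENT_PID;'
    echo 'echo Agent pid 27105;'
}

# Report whether the *calling* shell has both agent variables.
state() {
    if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -n "${SSH_AGENT_PID:-}" ]; then
        echo set
    else
        echo unset
    fi
}
reset_env() { unset SSH_AUTH_SOCK SSH_AGENT_PID; }

# 1. Plain run: the agent only prints text; nothing executes it.
run_plain() { reset_env; fake_agent >/dev/null; state; }

# 2. Piped into another shell (the `ssh-agent | bash -x` attempt): the child
#    shell sets the variables, then exits and takes its environment with it.
run_piped() { reset_env; fake_agent | sh >/dev/null; state; }

# 3. eval: the calling shell itself executes the printed assignments.
run_eval() { reset_env; eval "$(fake_agent)" >/dev/null; state; }

# 4. Temp file plus source, as in the thread, but using mktemp (mode 0600,
#    unpredictable name) rather than a fixed file name that gets sourced.
run_sourced() {
    reset_env
    tmp=$(mktemp) || return 1
    fake_agent >"$tmp"
    . "$tmp" >/dev/null
    rm -f "$tmp"
    state
}

for attempt in run_plain run_piped run_eval run_sourced; do
    printf '%-12s %s\n' "$attempt" "$($attempt)"
done
```

With a real agent started through eval, the agent keeps running after the shell exits until it is stopped with the "eval `ssh-agent -k`" form quoted in the thread.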
participants (6)
- Ashley
- Gerhard Sittig
- Johannes Geiger
- Michael Salmon
- Peter Münster
- Phillip D. Beal