Hi,
I would like to use ssh-agent globally for X session (Debian/MATE if it matters). X session starts it itself and when I login to X locally it works as expected (SSH_AGENT_PID and SSH_AUTH_SOCK environment variables are set correctly). But if I connect to the host via x2go, strange things happen: in any terminal session SSH_AUTH_SOCK points to non-existing path and SSH_AGENT_PID is not set at all. I tried to work around this adding to ~/.bashrc:
if [ ! -S ~/.ssh/ssh_auth_sock ]; then
eval ssh-agent -s
ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock
This way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly unset somethere. Any idea how to fix that?
On 2015-11-24 13:10, Dmitry Bely wrote:
Hi Dmitry,
This way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly unset somethere. Any idea how to fix that?
the PID is set via eval $(ssh-agent).
This is what I do:
[[ -s $HOME/.ssh-agent ]] || ssh-agent -s > $HOME/.ssh-agent source $HOME/.ssh-agent 2>&1 >/dev/null
if [[ -z "$SSH_AGENT_PID" ]] || ! ps -fp "$SSH_AGENT_PID" | grep -q ssh-agent; then ssh-agent -s > $HOME/.ssh-agent 2>&1 >/dev/null source $HOME/.ssh-agent 2>&1 >/dev/null fi
if ! ssh-add -l | grep -q id_dsa; then ssh-add $HOME/.ssh/id_dsa fi
Cheers
Dirk
Hi Dirk,
This way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly unset somethere. Any idea how to fix that?
the PID is set via eval $(ssh-agent).
Sure. The problem is that when I do "eval `ssh-agent" in ~/.bashrc, it sets SSH_AGENT_PID but then it's unset somewhere (where and why?). This happens only under x2go, SPICE session works as expected (but SPICE is unusable for other reasons)
This is what I do:
[[ -s $HOME/.ssh-agent ]] || ssh-agent -s > $HOME/.ssh-agent source $HOME/.ssh-agent 2>&1 >/dev/null
if [[ -z "$SSH_AGENT_PID" ]] || ! ps -fp "$SSH_AGENT_PID" | grep -q ssh-agent; then ssh-agent -s > $HOME/.ssh-agent 2>&1 >/dev/null source $HOME/.ssh-agent 2>&1 >/dev/null fi
if ! ssh-add -l | grep -q id_dsa; then ssh-add $HOME/.ssh/id_dsa fi
Where do you put this code? Do you have the only instance of ssh-agent per X session?
On 2015-11-25 09:45, Dmitry Bely wrote:
Hi Dmitry,
the PID is set via eval $(ssh-agent). Sure. The problem is that when I do "eval `ssh-agent" in ~/.bashrc, it sets SSH_AGENT_PID but then it's unset somewhere (where and why?). This happens only under x2go, SPICE session works as expected (but SPICE is unusable for other reasons)
every new session has to set the variable as well. It is not inherited automagically to other sessions.
Where do you put this code? Do you have the only instance of ssh-agent per X session?
Yes. This code is in my ~/.bashrc
Cheers
Dirk
Hi Dirk,
the PID is set via eval $(ssh-agent).
Sure. The problem is that when I do "eval `ssh-agent" in ~/.bashrc, it sets SSH_AGENT_PID but then it's unset somewhere (where and why?). This happens only under x2go, SPICE session works as expected (but SPICE is unusable for other reasons)
every new session has to set the variable as well. It is not inherited automagically to other sessions.
Where do you put this code? Do you have the only instance of ssh-agent per X session?
Yes. This code is in my ~/.bashrc
This way it still does not work for GUI apps launched from the desktop environment (MATE in my case). I'm trying to add ssh keys via keepass2/keeagent (it doesn't see ssh-agent) and then use them in other GUI apps (Eclipse etc.)
On 2015-11-25 10:56, Dmitry Bely wrote:
Hi Dmitry,
This way it still does not work for GUI apps launched from the desktop environment (MATE in my case). I'm trying to add ssh keys via keepass2/keeagent (it doesn't see ssh-agent) and then use them in other GUI apps (Eclipse etc.)
strange ... it works for me.
Cheers
Dirk
Hi Dirk,
This way it still does not work for GUI apps launched from the desktop environment (MATE in my case). I'm trying to add ssh keys via keepass2/keeagent (it doesn't see ssh-agent) and then use them in other GUI apps (Eclipse etc.)
strange ... it works for me.
keepass2 is started via
Exec=keepass2
in keepass2.desktop file; probably /bin/sh is not involved and so SSH_AGENT_PID is not set.
On 2015-11-25 13:19, Dmitry Bely wrote:
Hi Dmitry,
keepass2 is started via Exec=keepass2 in keepass2.desktop file; probably /bin/sh is not involved and so SSH_AGENT_PID is not set.
in this case use a wrapper-script.
--- 8< --- keepass.bash #!/bin/bash
source ~/.bashrc keepass2 --- >8 ---
and starat Keepass via.
Exec=/bin/bash /path/to/keepass.bash
Cheers
Dirk
On 11/24/2015 05:10 AM, Dmitry Bely wrote:
Hi,
I would like to use ssh-agent globally for X session (Debian/MATE if it matters). X session starts it itself and when I login to X locally it works as expected (SSH_AGENT_PID and SSH_AUTH_SOCK environment variables are set correctly). But if I connect to the host via x2go, strange things happen: in any terminal session SSH_AUTH_SOCK points to non-existing path and SSH_AGENT_PID is not set at all. I tried to work around this adding to ~/.bashrc:
if [ ! -S ~/.ssh/ssh_auth_sock ]; then eval
ssh-agent -s
ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock fi export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sockThis way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly unset somethere. Any idea how to fix that?
I don't quite follow what you mean by "globally". Are you using desktop-sharing and connecting to an existing X session and want to use that ssh-agent? In that case perhaps your x2go ssh connection is forwarding the ssh-agent connection from the client machine and you need to disable the agent forwarding.
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com
Hi Orion,
On Thu, Nov 26, 2015 at 2:11 AM, Orion Poplawski <orion@cora.nwra.com> wrote:
On 11/24/2015 05:10 AM, Dmitry Bely wrote:
Hi,
I would like to use ssh-agent globally for X session (Debian/MATE if it matters). X session starts it itself and when I login to X locally it works as expected (SSH_AGENT_PID and SSH_AUTH_SOCK environment variables are set correctly). But if I connect to the host via x2go, strange things happen: in any terminal session SSH_AUTH_SOCK points to non-existing path and SSH_AGENT_PID is not set at all. I tried to work around this adding to ~/.bashrc:
if [ ! -S ~/.ssh/ssh_auth_sock ]; then eval
ssh-agent -s
ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock fi export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sockThis way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly unset somethere. Any idea how to fix that?
I don't quite follow what you mean by "globally". Are you using desktop-sharing and connecting to an existing X session and want to use that ssh-agent?
I need one ssh-agent per X session that all child processes can access.
In that case perhaps your x2go ssh connection is forwarding the ssh-agent connection from the client machine and you need to disable the agent forwarding.
Probably you are right. But how to disable it in QT4 x2goclient? If I add
Host * ForwardAgent no
to ~/.ssh/config it affects a separate ssh session but not x2goclient's one. And I failed to find any command line/GUI x2goclient option that is related to ssh agent forwarding.
On 12/01/2015 12:34 AM, Dmitry Bely wrote:
Hi Orion,
On Thu, Nov 26, 2015 at 2:11 AM, Orion Poplawski <orion@cora.nwra.com> wrote:
On 11/24/2015 05:10 AM, Dmitry Bely wrote:
Hi,
I would like to use ssh-agent globally for X session (Debian/MATE if it matters). X session starts it itself and when I login to X locally it works as expected (SSH_AGENT_PID and SSH_AUTH_SOCK environment variables are set correctly). But if I connect to the host via x2go, strange things happen: in any terminal session SSH_AUTH_SOCK points to non-existing path and SSH_AGENT_PID is not set at all. I tried to work around this adding to ~/.bashrc:
if [ ! -S ~/.ssh/ssh_auth_sock ]; then eval
ssh-agent -s
ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock fi export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sockThis way SSH_AUTH_SOCK is correct but SSH_AGENT_PID is surprisingly unset somethere. Any idea how to fix that?
I don't quite follow what you mean by "globally". Are you using desktop-sharing and connecting to an existing X session and want to use that ssh-agent?
I need one ssh-agent per X session that all child processes can access.
In that case perhaps your x2go ssh connection is forwarding the ssh-agent connection from the client machine and you need to disable the agent forwarding.
Probably you are right. But how to disable it in QT4 x2goclient? If I add
Host * ForwardAgent no
to ~/.ssh/config it affects a separate ssh session but not x2goclient's one. And I failed to find any command line/GUI x2goclient option that is related to ssh agent forwarding.
Hmm, it appears that the code never calls ssh_options_parse_config(), whether by intention or not I do not know. CCing the dev list to get their take on it. But the libssh docs indicate that it should be called: http://api.libssh.org/master/group__libssh__session.html#ga7a801b85800baa3f4...
And I can confirm that x2goclient does appear to forward the SSH_AGENT at least if using the ssh-agent for authentication to the remote server.
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion@cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com