Re: [CentOS] scp and key login

2008-10-01 Thread Phil Schaffner
On Wed, 2008-10-01 at 11:37 -0400, Tony Schreiner wrote:
...
> As far as I know that's right. Though it can be scripted into your  
> login.

Been doing it so long I can't remember whom to credit, but I use the
following snippet added to the end of ~/.bash_profile:

#*#
AGENTFILE=$HOME/.ssh/current-ssh-agent
# Pick up the settings of a previously started agent, if any were saved.
test -f "$AGENTFILE" && . "$AGENTFILE"
if test -n "$SSH_AGENT_PID" \
  && ps xo pid,comm | grep -q "$SSH_AGENT_PID ssh-agent$"; then
  if ssh-add -l >/dev/null; then
    # Everything seems OK.
    :
  else
    # Agent is running but knows no identities.
    echo SSH-AGENT:  No identities.  Remember to run ssh-add!
  fi
else
  # No agent is running or AGENTFILE is lost - start a new one.
  if ps xo comm | grep -q "^ssh-agent$"; then
    echo SSH-AGENT:  Stray ssh-agent\?  Killing it.
    killall -TERM ssh-agent
  fi
  echo SSH-AGENT:  A new agent started.  Remember to run ssh-add!
  # Save the agent's settings, dropping its "echo Agent pid ..." line.
  ssh-agent | grep -v '^echo' >"$AGENTFILE"
fi
. "$AGENTFILE"
unset AGENTFILE
#*#

and this to ~/.bash_logout:

#*#
# On the last remaining login session, remove all identities from the agent.
if test $(w -hsf $(id -un) | wc -l) = 1; then ssh-add -D; fi
#*#

For KDE one can use a script "ssh-add.sh" containing the following in
~/.kde/Autostart to prompt for the passphrase:

#!/bin/bash
sleep 5
konsole --vt_sz 60x4 --noframe --nomenubar --notoolbar --noscrollbar -e ssh-add

Watch for line-wraps on the above, and remember to
$ chmod +x ~/.kde/Autostart/ssh-add.sh

Phil


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
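
The snippet above loads ~/.ssh/current-ssh-agent with `.`, which executes whatever the file contains. As an added example (not part of the original post; the function and variable names are hypothetical), this loader reads the file as data, accepts only the two assignment lines ssh-agent prints, and refuses anything else. The sample files are constructed, reusing the socket path and PID from the session quoted in this thread.

```shell
#!/bin/bash
# Added example (not from the thread): read the ssh-agent cache file as data
# instead of sourcing it. Function and variable names here are hypothetical.

# load_agent_env FILE: export SSH_AUTH_SOCK/SSH_AGENT_PID from FILE, or return 1.
load_agent_env() {
  la_file=$1 la_sock='' la_pid=''
  # Trust only a regular file (no symlink) owned by the current user.
  [ -f "$la_file" ] && [ ! -L "$la_file" ] && [ -O "$la_file" ] || return 1
  while IFS= read -r la_line || [ -n "$la_line" ]; do
    case $la_line in
      'SSH_AUTH_SOCK='*'; export SSH_AUTH_SOCK;')
        la_sock=${la_line#SSH_AUTH_SOCK=}
        la_sock=${la_sock%'; export SSH_AUTH_SOCK;'} ;;
      'SSH_AGENT_PID='*'; export SSH_AGENT_PID;')
        la_pid=${la_line#SSH_AGENT_PID=}
        la_pid=${la_pid%'; export SSH_AGENT_PID;'} ;;
      '') ;;
      *) return 1 ;;  # any other line is not ssh-agent output: refuse the file
    esac
  done < "$la_file"
  # Socket must be an absolute path in a plain character set; PID digits only.
  case $la_sock in /*) ;; *) return 1 ;; esac
  case $la_sock in *[!A-Za-z0-9_./-]*) return 1 ;; esac
  case $la_pid in ''|*[!0-9]*) return 1 ;; esac
  SSH_AUTH_SOCK=$la_sock SSH_AGENT_PID=$la_pid
  export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Constructed samples: one file in the format ssh-agent prints (values taken
# from the session quoted in this thread), one with an extra command appended.
demo_dir=$(mktemp -d)
printf '%s\n' \
  'SSH_AUTH_SOCK=/tmp/ssh-pqqvN24337/agent.24337; export SSH_AUTH_SOCK;' \
  'SSH_AGENT_PID=24338; export SSH_AGENT_PID;' > "$demo_dir/good"
{ cat "$demo_dir/good"; echo 'echo injected-by-someone-else'; } > "$demo_dir/bad"

if load_agent_env "$demo_dir/good"; then
  echo "accepted: sock=$SSH_AUTH_SOCK pid=$SSH_AGENT_PID"
fi
load_agent_env "$demo_dir/bad" || echo "rejected: unexpected line in cache file"
```

In ~/.bash_profile, a call such as `load_agent_env "$AGENTFILE"` would stand in for the two `. $AGENTFILE` lines; that substitution is a suggestion added here, not something proposed in the thread.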


Re: [CentOS] scp and key login

2008-10-01 Thread Kai Schaetzl
Matt Hyclak wrote on Wed, 1 Oct 2008 11:52:14 -0400:

> Keychain handles that for you.
> 
> http://www.gentoo.org/proj/en/keychain

Thanks for the info, no need for it anymore, though. I use Putty on 
Windows and connect to machine A and then scp from B to C. (That's why I 
said "no GUI".) So I needed agent forwarding from A to B to C. I just 
realized that Pageant (from Putty) provides agent forwarding if I set the 
sessions to allow this. So, I now connect directly to B and scp to C and 
don't need to run the agent on B anymore as the chain is short enough.
The few times I need a forwarded session directly from the console I'll 
use the method Tony explained. Thank you both!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] scp and key login

2008-10-01 Thread Matt Hyclak
On Wed, Oct 01, 2008 at 05:31:43PM +0200, Kai Schaetzl enlightened us:
> Tony Schreiner wrote on Wed, 1 Oct 2008 11:01:23 -0400:
> 
> > ssh-agent $SHELL
> > 
> > which will not need the above step, but will start another shell, so  
> > you will need to exit twice to logout.
> 
> This works, thanks. There's nothing of that mentioned in man ssh-agent.
> That also means I have to execute ssh-agent $SHELL and ssh-add each time I 
> login and want to use forwarding, right?
> 

Keychain handles that for you.

http://www.gentoo.org/proj/en/keychain/

Matt

-- 
Matt Hyclak
Systems and Operations 
Office of Information Technology
Ohio University
(740) 593-1222




Re: [CentOS] scp and key login

2008-10-01 Thread Tony Schreiner


On Oct 1, 2008, at 11:31 AM, Kai Schaetzl wrote:

> Tony Schreiner wrote on Wed, 1 Oct 2008 11:01:23 -0400:
>
> > ssh-agent $SHELL
> >
> > which will not need the above step, but will start another shell, so
> > you will need to exit twice to logout.
>
> This works, thanks. There's nothing of that mentioned in man ssh-agent.
> That also means I have to execute ssh-agent $SHELL and ssh-add each time I
> login and want to use forwarding, right?

As far as I know that's right. Though it can be scripted into your
login.

Tony



Re: [CentOS] scp and key login

2008-10-01 Thread Kai Schaetzl
Tony Schreiner wrote on Wed, 1 Oct 2008 11:01:23 -0400:

> ssh-agent $SHELL
> 
> which will not need the above step, but will start another shell, so  
> you will need to exit twice to logout.

This works, thanks. There's nothing of that mentioned in man ssh-agent.
That also means I have to execute ssh-agent $SHELL and ssh-add each time I 
login and want to use forwarding, right?

> If you are running GNOME, there is also the gnome-ssh-askpass

Not using a GUI.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] scp and key login

2008-10-01 Thread Tony Schreiner


On Oct 1, 2008, at 9:31 AM, Kai Schaetzl wrote:

> Bent Terp wrote on Wed, 1 Oct 2008 13:53:44 +0200:
>
> > Short version:
>
> Thanks for that! I seem to be doing something wrong.
>
> chacha:~ ssh-agent
> SSH_AUTH_SOCK=/tmp/ssh-pqqvN24337/agent.24337; export SSH_AUTH_SOCK;
> SSH_AGENT_PID=24338; export SSH_AGENT_PID;
> echo Agent pid 24338;
> chacha:~ ssh-add
> Could not open a connection to your authentication agent.
> chacha:~ ssh-agent -k
> SSH_AGENT_PID not set, cannot kill agent
>
> Kai
>
> --
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com

You need to either:

select and paste (to execute) the first two lines generated by the  
ssh-agent command


or run

ssh-agent $SHELL

which will not need the above step, but will start another shell, so  
you will need to exit twice to logout.


If you are running GNOME, there is also the gnome-ssh-askpass

Tony Schreiner





Re: [CentOS] scp and key login

2008-10-01 Thread Kai Schaetzl
Bent Terp wrote on Wed, 1 Oct 2008 13:53:44 +0200:

> Short version:

Thanks for that! I seem to be doing something wrong.

chacha:~ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-pqqvN24337/agent.24337; export SSH_AUTH_SOCK;
SSH_AGENT_PID=24338; export SSH_AGENT_PID;
echo Agent pid 24338;
chacha:~ ssh-add
Could not open a connection to your authentication agent.
chacha:~ ssh-agent -k
SSH_AGENT_PID not set, cannot kill agent


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] scp and key login

2008-10-01 Thread Bent Terp
Short version:
[EMAIL PROTECTED] ~]$ ssh-add
Enter passphrase for /home/user/.ssh/id_dsa:
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)
[EMAIL PROTECTED] ~]$ ssh -A [EMAIL PROTECTED]
Last login: Wed Sep  31 25:74:52 2008 from 127.0.0.1
[EMAIL PROTECTED] ~]$ scp /tmp/CentOS.iso [EMAIL PROTECTED]:/tmp

;-)


Re: [CentOS] scp and key login

2008-10-01 Thread Kai Schaetzl
Bent Terp wrote on Wed, 1 Oct 2008 12:11:53 +0200:

> nono, you need the agent forwarding for the first login (ssh -A ),
> then scp will (should) work, using the forwarded credentials to
> contact the agent on the initial machine.

Ok, then I have to read that article again, thanks!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] scp and key login

2008-10-01 Thread Bent Terp
On Tue, Sep 30, 2008 at 6:31 PM, Kai Schaetzl <[EMAIL PROTECTED]> wrote:
> Thanks, the agent without forwarding might be enough. The article is a bit
> general, though. I hope I can actually make this work with the few details

nono, you need the agent forwarding for the first login (ssh -A ),
then scp will (should) work, using the forwarded credentials to
contact the agent on the initial machine.

BR Bent


Re: [CentOS] scp and key login

2008-09-30 Thread Kai Schaetzl
Nate wrote on Mon, 29 Sep 2008 07:36:03 -0700 (PDT):

> I think what you're looking for is SSH agent forwarding
> 
> http://unixwiz.net/techtips/ssh-agent-forwarding.html

Thanks, the agent without forwarding might be enough. The article is a bit 
general, though. I hope I can actually make this work with the few details 
it gives.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] scp and key login

2008-09-29 Thread nate
Kai Schaetzl wrote:
> It seems the certificate-based login doesn't work on both sides of the
> remote connection when using scp?

I think what you're looking for is SSH agent forwarding

http://unixwiz.net/techtips/ssh-agent-forwarding.html

nate



[CentOS] scp and key login

2008-09-29 Thread Kai Schaetzl
It seems the certificate-based login doesn't work on both sides of the 
remote connection when using scp?
Scenario:
User on PC A can SSH login to PCs B and C with his certificate, no 
password prompt.
When User on PC A runs a scp operation from B to C he's asked for the 
password on C.

Does the scp actually open a connection from B to C (User doesn't have a 
certificate on B)? This would explain the problem. I hoped to avoid such a 
problem by scping from a third machine that normally has certificate-based 
access to all machines.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com


