Gentoo Forums
Keychain Upon Boot Up Not Working
dman777
l33t
Joined: 10 Jan 2007
Posts: 907

Posted: Mon Mar 03, 2014 3:44 pm    Post subject: Keychain Upon Boot Up Not Working

I am trying to make ssh Keychain work automatically upon boot up. I want to have multiple ssh sessions for the one key I have without having to enter the pass phrase.

In .xinitrc I have:
Code:
eval `ssh-agent`


In .bash_profile:

Code:
# /etc/skel/.bash_profile

# This file is sourced by bash for login shells.  The following line
# runs your .bashrc and is recommended by the bash info pages.
[[ -f ~/.bashrc ]] && . ~/.bashrc
keychain ~/.ssh/id_ecdsa
~/.keychain/$HOSTNAME-sh
~/.keychain/$HOSTNAME-sh-gpg
xinit


But it's not working because in my urxvt sessions when I ssh into my servers, it still asks me for my passphrase. In addition, I have to enter my passphrase every time I boot up my Gentoo laptop. Any suggestions, please?

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 5624
Location: Room 101

Posted: Mon Mar 03, 2014 7:32 pm

dman777 ...

firstly, in the above you're forgetting to 'source' the resulting file that would provide the $SSH_AGENT_PID and $SSH_AUTH_SOCK ...

Code:
keychain ~/.ssh/id_ecdsa
source ~/.keychain/${HOST}-sh

In my case (it's been a while since I used keychain) I had the env "$HOST" rather than "$HOSTNAME" ... currently I don't see $HOSTNAME in my env.

Also, keychain requires an interactive shell, in the case of X there is none, at least until urxvt is started and at that point the environment variables will only be passed on to the children of that shell. This is why keychain is run in the login shell (console), it seems from the above you may be expecting to have this setup as part of your X initialisation ... and it's not really designed to do this.

Anyhow, you may want to look at sys-auth/pam_ssh which sets up ssh-agent on login (providing the pass to the key is used).

Code:
# grep ssh /etc/pam.d/system-auth
auth      sufficient   pam_ssh.so
session      optional   pam_ssh.so

I'm not sure if/how this works with XDM/GDM/KDM logins (as I don't use them) but it may, otherwise, it will provide a single password login ... and using the login, setup ssh-agent.

HTH & best ... khay
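
The difference between running and sourcing keychain's output file, as an added example that is not part of the original thread. The file contents (shaped like `ssh-agent -s` output), the socket path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; the env-file contents and socket path below are constructed.

# Write a stand-in for the file keychain generates as ~/.keychain/<host>-sh.
make_sample_envfile() {
    cat > "$1" <<'EOF'
SSH_AUTH_SOCK=/nonexistent/ssh-EXAMPLE/agent.1234; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1235; export SSH_AGENT_PID;
EOF
}

# Running the file as a command: the assignments happen in a child process
# that exits immediately, so the calling shell never sees them.
sock_after_exec() {
    ( unset SSH_AUTH_SOCK; sh "$1" >/dev/null 2>&1; printf '%s' "${SSH_AUTH_SOCK:-}" )
}

# Sourcing the file: the assignments happen in the calling shell and are
# exported to everything started from it (xinit, urxvt, ssh).
sock_after_source() {
    ( unset SSH_AUTH_SOCK; . "$1"; printf '%s' "${SSH_AUTH_SOCK:-}" )
}

# Classify the agent environment of the current shell.
#   unset     - no SSH_AUTH_SOCK, so ssh prompts for the passphrase
#   stale     - variable set but no socket there (agent gone, e.g. after reboot)
#   socket-ok - a socket exists; `ssh-add -l` can then list the loaded keys
agent_state() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo unset; return 0; }
    [ -S "$SSH_AUTH_SOCK" ] || { echo stale; return 0; }
    echo socket-ok
}

# Demo on a temporary constructed file.
demo_file=$(mktemp)
make_sample_envfile "$demo_file"
echo "after exec:   '$(sock_after_exec "$demo_file")'"
echo "after source: '$(sock_after_source "$demo_file")'"
echo "state:        $(. "$demo_file"; agent_state)"
rm -f "$demo_file"
```

Calling `agent_state` inside a urxvt shell shows whether the variables set in the login shell actually reached the X session.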

dman777
l33t
Joined: 10 Jan 2007
Posts: 907

Posted: Tue Mar 04, 2014 9:26 pm

Quote:
source ~/.keychain/$HOSTNAME-sh


This fixed it. Thanks! On every boot up it still asks me for the key pass phrase. Can this be bypassed?

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 5624
Location: Room 101

Posted: Tue Mar 04, 2014 10:01 pm

dman777 wrote:
Quote:
source ~/.keychain/$HOSTNAME-sh

This fixed it. Thanks! On every boot up it still asks me for the key pass phrase. Can this be bypassed?

dman777 ... you're welcome. You can have a passwordless key if that's what you mean.

Generally, keychain is run on 'login' .. so I'm not sure what you mean by "boot up", I'm inclined to think you're booting to a GDM/XDM/KDM/Slim login screen (X11) ... if this is the case then really this isn't a use case that keychain was designed for ... you might want to look at sys-auth/pam_ssh.

HTH & best ... khay

dman777
l33t
Joined: 10 Jan 2007
Posts: 907

Posted: Wed Mar 05, 2014 2:05 pm

No, there is no login manager....

From boot up I have:

Code:
/etc/local.d/local.start
login -f one


Code:
one@localhost ~ $ cat .bash_profile
# /etc/skel/.bash_profile

# This file is sourced by bash for login shells.  The following line
# runs your .bashrc and is recommended by the bash info pages.
[[ -f ~/.bashrc ]] && . ~/.bashrc
source keychain ~/.ssh/id_ecdsa
source ~/.keychain/$HOSTNAME-sh
#~/.keychain/$HOSTNAME-sh-gpg



and I get asked the key pass phrase each time on initial boot up.

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 5624
Location: Room 101

Posted: Wed Mar 05, 2014 5:07 pm

dman777 wrote:
[...] and I get asked the key pass phrase each time on initial boot up.

dman777 ... ok, I see ... well, really you should use "agetty --autologin" for this and not /etc/local.d ... assuming you're using sysvinit you would edit /etc/inittab like so ...

Code:
c1:12345:respawn:/sbin/agetty --autologin one --noclear 38400 tty1 linux

This will autologin user 'one' on tty1. This won't solve keychain asking for the password for the key but it's the correct method for autologin. For the 'key' it seems you can do one of two things, 1). create a passwordless key (see: 'man ssh-keygen') or 2). use sys-app/pam_ssh and create a key with the same password as your login (though I can't say for certain this will work as 'agetty --autologin' may not query password credentials).

EDIT: the last suggestion (pam_ssh and a key with the same password as your login) doesn't work ... I just tested. This means that the only option (I can think of) is a passwordless key.

HTH & best ... khay

All times are GMT