dman777 Veteran
Joined: 10 Jan 2007 Posts: 1004
Posted: Mon Mar 03, 2014 3:44 pm Post subject: Keychain Upon Boot Up Not Working
I am trying to make ssh Keychain work automatically upon boot up. I want to have multiple ssh sessions for the one key I have without having to enter the pass phrase.
in .xinitrc I have:
in .bash_profile:
Code:
# /etc/skel/.bash_profile
# This file is sourced by bash for login shells. The following line
# runs your .bashrc and is recommended by the bash info pages.
[[ -f ~/.bashrc ]] && . ~/.bashrc
keychain ~/.ssh/id_ecdsa
~/.keychain/$HOSTNAME-sh
~/.keychain/$HOSTNAME-sh-gpg
xinit
But it's not working because in my urxvt sessions when I ssh into my servers, it still asks me for my passphrase. In addition, I have to enter my passphrase every time I boot up my Gentoo laptop. Any suggestions, please?
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
Posted: Mon Mar 03, 2014 7:32 pm Post subject:
dman777 ...
firstly, in the above you're forgetting to 'source' the resulting file that would provide the $SSH_AGENT_PID and $SSH_AUTH_SOCK ...
Code:
keychain ~/.ssh/id_ecdsa
source ~/.keychain/${HOST}-sh
In my case (it's been a while since I used keychain) I had the env "$HOST" rather than "$HOSTNAME" ... currently I don't see $HOSTNAME in my env.
Also, keychain requires an interactive shell, in the case of X there is none, at least until urxvt is started and at that point the environment variables will only be passed on to the children of that shell. This is why keychain is run in the login shell (console), it seems from the above you may be expecting to have this setup as part of your X initialisation ... and it's not really designed to do this.
Anyhow, you may want to look at sys-auth/pam_ssh which sets up ssh-agent on login (providing the pass to the key is used).
Code:
# grep ssh /etc/pam.d/system-auth
auth sufficient pam_ssh.so
session optional pam_ssh.so
I'm not sure if/how this works with XDM/GDM/KDM logins (as I don't use them) but it may, otherwise, it will provide a single password login ... and using the login, setup ssh-agent.
HTH & best ... khay
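As an added example (not from khayyam's post, and not keychain's own code), the script below shows why the `~/.keychain/$HOSTNAME-sh` file has to be sourced rather than executed, which is the point made above. It builds a constructed stand-in for the file keychain writes (the socket path and PID are made up) so it runs without keychain or a live ssh-agent, and it ends with the kind of check worth running before trusting the environment: does the socket the variable points at actually exist?

```shell
#!/bin/sh
# Added example, not from the thread or from keychain. The env file keychain
# writes contains export lines of this shape; the values here are constructed.
make_fake_env_file() {
    f=$(mktemp) || exit 1
    cat > "$f" <<'EOF'
SSH_AUTH_SOCK=/tmp/ssh-example/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
EOF
    echo "$f"
}

# What the original .bash_profile did: run the file as a command. It executes
# in a child process, so its exports vanish when the child exits and the
# calling shell still has no SSH_AUTH_SOCK.
try_execute() {
    f=$1
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    sh "$f"
    echo "${SSH_AUTH_SOCK:-unset}"
}

# The fix from the reply: source the file with `.` (or bash's `source`) so the
# exports are evaluated in the current shell and survive.
try_source() {
    f=$1
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    . "$f"
    echo "${SSH_AUTH_SOCK:-unset}"
}

# Sanity check after sourcing: a stale env file can point at a socket from a
# previous boot. Report "ok" only if SSH_AUTH_SOCK names a real unix socket.
agent_status() {
    f=$1
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    . "$f"
    if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]; then
        echo "ok"
    else
        echo "missing"
    fi
}

# Stand-alone demonstration.
if [ "${1:-}" = "demo" ]; then
    envfile=$(make_fake_env_file)
    echo "executed: $(try_execute "$envfile")"   # unset
    echo "sourced:  $(try_source "$envfile")"    # /tmp/ssh-example/agent.4242
    echo "agent:    $(agent_status "$envfile")"  # missing (constructed path)
    rm -f "$envfile"
fi
```

In a real `.bash_profile` the equivalent of `try_source` is the `source ~/.keychain/${HOST}-sh` line from the reply; `agent_status` corresponds to running `ssh-add -l` after sourcing and confirming the key is listed rather than "Could not open a connection to your authentication agent".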
dman777 Veteran
Joined: 10 Jan 2007 Posts: 1004
Posted: Tue Mar 04, 2014 9:26 pm Post subject:
Quote:
source ~/.keychain/$HOSTNAME-sh
This fixed it. Thanks! On every boot up it still asks me for the key pass phrase. Can this be bypassed?
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
Posted: Tue Mar 04, 2014 10:01 pm Post subject:
dman777 wrote:
Quote:
source ~/.keychain/$HOSTNAME-sh
This fixed it. Thanks! On every boot up it still asks me for the key pass phrase. Can this be bypassed?
dman777 ... you're welcome. You can have a passwordless key if that's what you mean.
Generally, keychain is run on 'login' .. so I'm not sure what you mean by "boot up", I'm inclined to think you're booting to a GDM/XDM/KDM/Slim login screen (X11) ... if this is the case then really this isn't a use case that keychain was designed for ... you might want to look at sys-auth/pam_ssh.
HTH & best ... khay
dman777 Veteran
Joined: 10 Jan 2007 Posts: 1004
Posted: Wed Mar 05, 2014 2:05 pm Post subject:
No, there is no login manager....
from boot up I have:
Code:
/etc/local.d/local.start
login -f one
Code:
one@localhost ~ $ cat .bash_profile
# /etc/skel/.bash_profile
# This file is sourced by bash for login shells. The following line
# runs your .bashrc and is recommended by the bash info pages.
[[ -f ~/.bashrc ]] && . ~/.bashrc
# keychain is a command, not a file to source: run it, then source the env file it writes
keychain ~/.ssh/id_ecdsa
source ~/.keychain/$HOSTNAME-sh
#~/.keychain/$HOSTNAME-sh-gpg
and I get asked the key pass phrase each time on initial boot up.
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
Posted: Wed Mar 05, 2014 5:07 pm Post subject:
dman777 wrote:
[...] and I get asked the key pass phrase each time on initial boot up.
dman777 ... ok, I see ... well, really you should use "agetty --autologin" for this and not /etc/local.d ... assuming you're using sysvinit you would edit /etc/inittab like so ...
Code:
c1:12345:respawn:/sbin/agetty --autologin one --noclear 38400 tty1 linux
This will autologin user 'one' on tty1. This won't solve keychain asking for the password for the key but it's the correct method for autologin. For the 'key' it seems you can do one of two things, 1). create a passwordless key (see: 'man ssh-keygen') or 2). use sys-app/pam_ssh and create a key with the same password as your login (though I can't say for certain this will work as 'agetty --autologin' may not query password credentials).
EDIT: the last suggestion (pam_ssh and a key with the same password as your login) doesn't work ... I just tested. This means that the only option (I can think of) is a passwordless key.
HTH & best ... khay