Setting up ssh-agent on ubuntu/kubuntu
Last week I got tired of typing passwords. Well what really was happening was that I decided to start using svn (or subversion) for all of our source code. And I like that fact that svn can work over ssh. So I set up our own archive on our main machine and started to fill it up. But using svn over ssh also means that you need to specify you password a number of times, and even more that once for a svn command.
I have no problems with typing in my password when I log in to a server, but now it was getting a bit annoying.
ssh-agent
Well one of the solutions is ssh-agent. This little program sits and holds the key and send them on towards a new system. I can also forwards it if you login with ssh to another machine (if you allows it). The best way to run it is as a main program and have all other programs to be a childes to it. Then all the settings and so it inherited. And guess what – ubuntu and kubuntu does that. When you login and startup X it seems that ssh-agent is started by default.
To make it even simpler its a good thing to add you main key to it. You can do that with the command:
ssh-add
and it will ask for the key for the private keys you have in your ssh directory. An even better version is to have ssh-add run as the X system starts up. To do this you need to install the package ssh-askpass. This contains a small X11 program that will grab the keyboard and allow you to enter the key. Install it with:
sudo apt-get install ssh-askpass
Autostart of ssh-add
When we now have that installed we can setup so that we get ssh-add to run when we tart up X.
create a file .kde/Autostart/ssh-add.sh
With this content:
#!/bin/sh # set SSH_ASKPASS if not set elsewhere export SSH_ASKPASS=/usr/bin/ssh-askpass ssh-add </dev/null
This will start ssh-add and popup a windows asking for the password. Set the right permissions on it with:
chmod 755 .kde/Autostart/ssh-add.sh
Ths only thing now it to forward ssh-agent requests if you whant that. I did write about my way of creating small scripts fo conecting to other servers here, and I now added a -A flag to the ssh command line to get that to work. Then when you log in to a new server you dont have to enter the password and if you run ssh (or svn over ssh) on that machone the password questions gets back to the original ssh-agent.
