This is probably more for my own future reference than anything of worth to other people, but as long as I’m going to bother writing notes to future-me (cut the blue wire!), I figured I’d share in case it helps.

I have a key agent setup on my primary desktop computer, that pesters me for my pass-phrase the first time I open an X-term. That setup works pretty well, since the only time I find myself spending much time at a tty console is when I’m fetching new Nvidia drivers. On my killer new-used Titanium G4 PowerBook (thanks C4), I’m predicting less face-time with X[.org]. It’s fast, compared to the Pentium 2 266Mhz it’s replacing, but until it gets some more RAM, and a replacement PRAM battery (apparently components of my desktop environment don’t like to start when my computer is reliving the past) I’ve decided to start in text-mode, and progress to X as needed.

Objectives

• Only type my too-damned-long pass phrase once unless I log out of my machine on all ttys
• Don’t spawn new ssh-agents for each login of the same user
• Apply above to xterm shells
• Cleanup after itself

It’s probably important to note here that I removed my desktop manager from /etc/rc?.d, that’s my personal preference, and these bash profile changes won’t be all that useful to you if you’re not like me (probably should have mentioned that sooner) and prefer to login have your logins handled by XDM/GDM/KDM.

If you’re using something more clever for your ssh key files than the default names, you’ll want to mention that to ssh-add before running these scripts. If you don’t have ssh keys already, you’re missing out, here’s a quick primer

drc@ein:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/drc/.ssh/id_rsa): (Just hit enter here, is fine)
Enter passphrase (empty for no passphrase):  (Seriously, put a password here, especially on a laptop)
Enter same passphrase again:
Your identification has been saved in /home/drc/.ssh/id_rsa.
Your public key has been saved in /home/drc/.ssh/id_rsa.pub.
The key fingerprint is:
ea:7d:ea:dc:a7:52:fe:ed:04:20:24:07:dr:c1:23:07 drc@ein

Neat, now you have to put your public key some place that you login to frequently, copy it over to your .ssh/authorized_keys file on the remote system, when I feel like doing this in a needlessly complicated way, I type:

drc@ein:~$ cat ~/.ssh/id_rsa.pub |ssh drc@gibson.example.org "cat >>~/.ssh/authorized_keys ; chmod go-r ~/.ssh_authorized_keys"

Course, for that to work you’d have to have a login at gibson.example.org named drc, otherwise, I suggest you replace that with your username@yourremotehost.tld.. Also, you’ll need an .ssh directory already on the remote system, you should have one if you’ve been ssh’ing from that system before (not just to it). If you don’t already have one there, maybe you should re-think how much you actually need ssh for whatever it is that *you* do.
Back to the ssh-agent setup

Add the following to the end of your .bash_profile in your home directory

if ! [ -f ~/.ssh/keymanager ]; then
   if [ "${TTY:0:3}" = "tty" ]; then
      eval `/usr/bin/ssh-agent`
      /usr/bin/ssh-add
      echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >~/.ssh/keymanager
      echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >>~/.ssh/keymanager
   fi
else
   eval `cat ~/.ssh/keymanager`
fi

Next add the following to the end of your .bashrc

TTY=`tty |cut -c 6-`

Finally add the following to the end of your .bash_logout file

if [ "`who |grep -v $TTY |grep $USER`" = "" ]; then
   if [ -f ~/.ssh/keymanager ]; then
      rm ~/.ssh/keymanager
   fi
   if [ "`ps -p $SSH_AGENT_PID -o comm=`" = "ssh-agent" ]; then
      ssh-agent -k 2>&1 >/dev/null
   fi
fi

Great, your done, enjoy, hopefully it works, if not, I probably don’t care

Comments Off

Although I have yet to be asked where my 1337 skillz at web design come from, I imagine my part of the conversation would go something like this:

drc’s Response:

Well Geraldo, I wish I could tell you that I was classically trained in web design, that I was plucked from obscurity by a renowned art institute such as Art Instruction Schools for my masterful renditions of cartoon turtles & pirates, but the truth of the matter is, I am quite simply a natural expert in my craft, much like yourself in the field of journalism.

Thought of the day: “You can’t fall on your ass if you don’t get off the ground.”

Comments Off