On Thu, May 02, 2002 at 11:22:24AM +0100, Dougie Nisbet wrote: > On Thursday 02 May 2002 9:51 am, Karl E. Jorgensen wrote: > > > > [ snip, snip, snip ] > > > > > and type it in, rather than from a telnet session. i.e. The telnet > > > session produces: dougie@guestw:~$ ssh-add > > > Could not open a connection to your authentication agent. > > > > !? > > > > You should only need ssh-agent running on the machine where *you* sit. > > I'm a bit confused by this. Surely if I'm sitting in from of the laptop > (vaiow) and want to ssh to the server (guestw) - doesn't the ssh-agent need > to be running on guestw? No. It just needs to run sshd. Think of ssh-agent as the guardian of your keyring; it will hand out our private key to (local) processes who request it. Hence, it will need your key passphrase upon ssh-add, after which it can hand out the key to subsequent ssh invocations. (this explanation is probably a bit simplistic; but I believe that it is largely correct). man ssh-agent(1) for the full (and authoritative) gory story. You don't *have to* run ssh-agent. However it is handy when you have a phassphrase on your keys, as this avoids you having to retype it every time you use ssh/scp. If you use keys without a passphrase (Guard them with your life if you do!), then you would not benefit from using ssh-agent. > > However, for processes to talk to ssh-agent, they need a couple of > > environment variables and whathaveyou. I put this in my ~/.xsession > > > > eval $( ssh-agent ) > > > > (where to put this depends on how you start X. My gdm is set up to use > > xsession for me. I like the control). > > I've seen references to .xsession in the man pages, but I don't have a file > called .xsession. Perhaps it's because I'm running kde. But a ps shows it's > running anyway, so I haven't prodded things too hard. So I presume that you're running kdm and log in through there? Then ~/.xsession may well not be relevant for you; I don't use KDE myself. KDE may actually have an option for starting ssh-agent up itself (but I doubt it). I use gnome, but I forced my login to be a standard "xsession" login (hence it obeys ~/.xsession). The last thing in my ~/.xsession is to invoke gnome-session, so it is largely identical to a standard gnome-session - except that I get to do my own stuff (ssh-agent, xmodmap, unclutter etc) first. You may be able to do something similar in KDE. > But, fingers crossed, things are looking ok now. Must remember not to > reboot! The laptop is perched on the window-ledge in the kitchen, > getting the odd splash of oil and beer. Hadn't been rebooted for two > months until this morning! Why the reboot ? Don't drink the oil. -- PGP signed and encrypted | .''`. |** Debian GNU/Linux ** messages preferred. | : :' : | By professionals, www.karl.jorgensen.com | \. `' | for professionals | `- | http://www.debian.org/
Attachment:
pgpriNN1cmB1Z.pgp
Description: PGP signature