On Thu, May 02, 2002 at 11:22:24AM +0100, Dougie Nisbet wrote:
> On Thursday 02 May 2002 9:51 am, Karl E. Jorgensen wrote:
> >
> > [ snip, snip, snip ]
> >
> > > and type it in, rather than from a telnet session. i.e. The telnet
> > > session produces: dougie@guestw:~$ ssh-add
> > > Could not open a connection to your authentication agent.
> >
> > !?
> >
> > You should only need ssh-agent running on the machine where *you* sit.
>
> I'm a bit confused by this. Surely if I'm sitting in front of the laptop
> (vaiow) and want to ssh to the server (guestw) - doesn't the ssh-agent need
> to be running on guestw?

No. It just needs to run sshd.

Think of ssh-agent as the guardian of your keyring; it will hand out your
private key to (local) processes who request it. Hence, it will need
your key passphrase upon ssh-add, after which it can hand out the key to
subsequent ssh invocations. (This explanation is probably a bit
simplistic, but I believe that it is largely correct.) man ssh-agent(1)
for the full (and authoritative) gory story.

You don't *have to* run ssh-agent. However, it is handy when you have a
passphrase on your keys, as this avoids you having to retype it every
time you use ssh/scp. If you use keys without a passphrase (Guard them
with your life if you do!), then you would not benefit from using
ssh-agent.

> > However, for processes to talk to ssh-agent, they need a couple of
> > environment variables and whathaveyou. I put this in my ~/.xsession
> >
> > eval $( ssh-agent )
> >
> > (where to put this depends on how you start X. My gdm is set up to use
> > xsession for me. I like the control).
>
> I've seen references to .xsession in the man pages, but I don't have a file
> called .xsession. Perhaps it's because I'm running kde. But a ps shows it's
> running anyway, so I haven't prodded things too hard.

So I presume that you're running kdm and log in through there? Then
~/.xsession may well not be relevant for you; I don't use KDE myself.
KDE may actually have an option for starting ssh-agent up itself (but I
doubt it).

I use gnome, but I forced my login to be a standard "xsession" login
(hence it obeys ~/.xsession). The last thing in my ~/.xsession is to
invoke gnome-session, so it is largely identical to a standard
gnome-session - except that I get to do my own stuff (ssh-agent,
xmodmap, unclutter etc) first. You may be able to do something similar
in KDE.

> But, fingers crossed, things are looking ok now. Must remember not to
> reboot! The laptop is perched on the window-ledge in the kitchen,
> getting the odd splash of oil and beer. Hadn't been rebooted for two
> months until this morning!

Why the reboot? Don't drink the oil.

--
PGP signed and encrypted | .''`. |** Debian GNU/Linux **
messages preferred. | : :' : | By professionals,
www.karl.jorgensen.com | \. `' | for professionals
| `- | http://www.debian.org/
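
The error quoted in this message ("Could not open a connection to your authentication agent") means the shell that ran ssh-add has no usable SSH_AUTH_SOCK. As an added example, not part of the original message: a sketch for a login script such as ~/.xsession that diagnoses that condition and starts an agent only when none is reachable. The function names `agent_state` and `ensure_agent` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# Classify the agent environment of the current shell:
#   unset  - SSH_AUTH_SOCK is not set (e.g. a login that never ran
#            `eval $(ssh-agent)`), so ssh-add cannot find an agent
#   stale  - the variable is set but does not point at a socket
#            (agent exited, or the value was copied from an old session)
#   socket - a socket exists at that path; an agent may be listening
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
    elif [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo stale
    else
        echo socket
    fi
}

# Start an agent only if this shell cannot already reach one.
# ssh-add -l exits 0 (keys loaded) or 1 (agent reachable, no keys);
# exit status 2 means it could not contact the agent at all.
ensure_agent() {
    if [ "$(agent_state)" = socket ]; then
        rc=0
        ssh-add -l >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ne 2 ]; then
            return 0
        fi
    fi
    # ssh-agent -s prints Bourne-shell commands that set and export
    # SSH_AUTH_SOCK and SSH_AGENT_PID; eval applies them to this shell,
    # so everything started from it afterwards inherits them.
    eval "$(ssh-agent -s)" >/dev/null
}
```

Source this on the machine you sit at and call `ensure_agent` before the session manager starts, then run ssh-add once; the remote host only needs sshd.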