
Re: ssh-agent (was: using a remote IMAP server and smarthost)



On Thu, Aug 30, 2007 at 12:59:10 +0100, Richard Lyons wrote:
> On Thu, Aug 30, 2007 at 01:00:44AM +0200, Florian Kulzer wrote:

[...]

> > Ssh-agent is part of the openssh-client package. It should be started
> > with every X session by the /etc/X11/Xsession.d/90x11-common_ssh-agent
> > script. (See "ps -e | grep ssh-agent".)
> 
> Oh yes, I see it is set up to start if available...
> > 
> > However, ssh-agent needs a frontend to handle the interaction with the
> > user when a passphrase for a private key has to be entered. This seems
> > to be what you are missing. Install one of the packages that provide
> > "ssh-askpass":
> 
> I installed gtk-led-askpass and added a line "/usr/bin/gtk-led-askpass" in
> ~/GNUstep/Library/WindowMaker/autostart, but this simply caused Xwindows
> to open in a frozen state (waiting for my response on a non-visible
> window, I assume since the ssh-agent process was running). This is
> probably easy enough to resolve, but it will still require me to enter
> the reasonably secure passphrase (read "excessively long") that I chose,
> so perhaps I shall stay with method 1, the ssh tunnel, which works
> easily enough.

I realize now that I made a mistake in my earlier mail: At the start of
the X session I run "ssh-add" and not gtk-led-askpass. It seems that
this also works for windowmaker:

http://www.windowmaker.info/faq.php?chapter=5#109

(I think you don't need the "eval `ssh-agent`" line since that part is
 already handled by /etc/X11/Xsession.d/90x11-common_ssh-agent.)

> The only thing that would make it more convenient still would be if I
> could see how to write scripts to open and close the tunnel.  They would
> need to check if it is already open first.  When opening or closing the
> tunnel the scripts would also set sendmail= appropriately.  Then I could
> map them to hotkeys in mutt.  When I am attached to our home network, I
> can send direct, but when I am on a laptop elsewhere or in Italy I need
> to use the tunnelling.  So the possibility of easy switching would be
> useful.

I never tried to set up something like that. I don't think you need port
forwarding if you have the remote execution of msmtp working, no matter
where you are. Just add your laptop's id_*.pub identities to
~/.ssh/authorized_keys on the vm. Of course, this requires that ssh
works from wherever you are, but if ssh does not work then you cannot
use port forwarding either.

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
          Florian   |
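
An added example, not part of the original mail: a session-startup helper that asks for the passphrase only when an agent is reachable and holds no keys yet, using the documented exit status of `ssh-add -l`. The function names and the `SSH_ADD` override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). SSH_ADD is a hypothetical override
# so the helper can be exercised without a real agent.
SSH_ADD=${SSH_ADD:-ssh-add}

# Print the agent state derived from the exit status of "ssh-add -l":
#   0 -> agent reachable and holding at least one identity
#   1 -> agent reachable but holding no identities
#   2 -> agent cannot be contacted (e.g. SSH_AUTH_SOCK unset or stale)
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Add the default identities once per session. Does nothing when keys are
# already loaded, and refuses to prompt when no agent is listening, so a
# session autostart entry cannot block on a prompt that leads nowhere.
load_keys_once() {
    case $(agent_state) in
        loaded)
            return 0 ;;
        empty)
            # With no terminal attached, ssh-add asks through the
            # ssh-askpass program, so one must be installed for X autostart.
            "$SSH_ADD" ;;
        *)
            echo "ssh-agent not reachable; not asking for a passphrase" >&2
            return 2 ;;
    esac
}
```

Calling `load_keys_once` from the session's autostart file gives a single passphrase prompt per login; later ssh connections reuse the key held by the agent.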


