Re: ssh-agent (was: using a remote IMAP server and smarthost)

[Ken Irving <fnkci@uaf.edu>]

On Thu, Aug 30, 2007 at 01:00:44AM +0200, Florian Kulzer wrote:
> On Tue, Aug 28, 2007 at 20:09:03 +0100, Richard Lyons wrote:
> > But, again if I understand Florian's earlier post, Method 2 requires the
> > use of sssh-agent.  And I cannot see fromt he man page how to use it or
> > configure it.
> > 
> > IF I simply let mutt run the script as above, I get
> > 
> >   ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
> >   ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
> >   ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory^M
> >   Permission denied (publickey,keyboard-interactive).
> >   
> > So I think I really need the ssh-agent.  Help anybody?
> 
> Ssh-agent is part of the openssh-client package. It should be started
> with every X session by the /etc/X11/Xsession.d/90x11-common_ssh-agent
> script. (See "ps -e | grep ssh-agent".)
> 
> However, ssh-agent needs a frontend to handle the interaction with the
> user when a passphrase for a private key has to be entered. This seems
> to be what you are missing. Install one of the packages that provide
> "ssh-askpass":
> ...

You can also explicitly provide a shell to ssh-agent, authorize using
ssh-add, and then ssh to any host on which you've placed your public
key(s) in .ssh/authorized_hosts.  I do that sometimes from consoles on
hosts not running X, for instance, e.g.,

    $ ssh-agent bash
    $ ssh-add  # ... prompts for passphrase
    $ ssh somehost
    $ ...

The keychain package can help when it comes to running cron jobs and
such by providing a script which you source to set a few variables to
the authorized keys.  You need to connect to the host once to authorize
those keys, but after that the jobs can run autonomously.  Not sure if
this is relevant...

Ken

-- 
Ken Irving, fnkci+debianuser@uaf.edu