From owner-ssh@clinet.fi  Wed Dec  8 17:44:27 1999
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by hutcs.cs.hut.fi (8.9.3/8.9.3) with ESMTP id RAA29365;
	Wed, 8 Dec 1999 17:44:27 +0200 (EET)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id RAA08681
	for ssh-outgoing; Wed, 8 Dec 1999 17:29:29 +0200
Received: from k2.onsight.com (k2.onsight.com [209.176.244.34])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id RAA08677
	for <ssh@clinet.fi>; Wed, 8 Dec 1999 17:29:26 +0200
Received: (from bri@localhost)
	by k2.onsight.com (8.9.3/8.9.3) id JAA14137;
	Wed, 8 Dec 1999 09:29:15 -0600
Date: Wed, 8 Dec 1999 09:29:15 -0600
From: Brian Hatch <ssh@ifokr.org>
To: James W Greene Jr <jwgreene@megalink.net>
Cc: ssh@clinet.fi
Subject: Re: ssh-agent question
Message-ID: <19991208092915.B14080@ifokr.org>
References: <000b01bf40f9$39aaea40$21fb94d0@megalink.net>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=aVD9QWMuhilNxW9f; micalg=pgp-md5;
	protocol="application/pgp-signature"
X-Mailer: Mutt 0.95.6i
In-Reply-To: <000b01bf40f9$39aaea40$21fb94d0@megalink.net>; from James W Greene Jr on Tue, Dec 07, 1999 at 04:22:53PM -0500
Sender: owner-ssh@clinet.fi
Precedence: bulk


--aVD9QWMuhilNxW9f
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable



> I seem to be having a problem with ssh-agent, and ssh-add..   What I am
> trying to accomplish is, to be able to have cron ssh over to another server,
> and add users, or whatnot...  The problem is.  If I do a eval `ssh-agent`
> then do ssh-add, I can run my scripts that connect to the other machines no
> problem..  But if I log off of the server, then go back in the scripts will
> not work, and it asks me for my pass phrase..  Is there a way to have it
> keep the key info without having to stay logged in ?


I wrote a function that I put in my .profile that will
try to see if we already can talk to an agent, if not
try to connect to the 'last' one we started (it saves
a file with environment variables in it when it starts
the agent) and if it can't find that one, then it tries
all agent sockets in the /tmp/ssh-username directory
newest to oldest, until it finds one.  If it never does,
it starts one up.

If you have several running, it'll stop when it finds one,
it doesn't have a concept of a 'best' one.

Should work in ksh/bash/etc.

Note it sends stuff to STDERR, so you may want to
eliminate those lines.  It was written for ssh1.

It's probably more than you need, but it's fine for me.




function findAgent {
	# Now take care of ssh agent forwarding
	function agentAlive {
		# see if it's live (OpenSSH's ssh-add -l also exits
		# non-zero when the agent is up but holds no keys)
		ssh-add -l > /dev/null 2>&1
		return $?
	}

	typeset SSH_DIR SSH_PARMS KEEP n
	if agentAlive ; then			# Check if we're already set
		echo Using existing agent >&2
	else
		SSH_DIR=$HOME/.ssh
		mkdir "$SSH_DIR" 2>/dev/null
		SSH_PARMS=$SSH_DIR/agentparms	# save our settings here
		if test -r "$SSH_PARMS"; then
			. "$SSH_PARMS" > /dev/null
		fi

		if agentAlive ; then
			echo Connected to existing agent >&2
		else
			KEEP=''
			# try each socket, newest first; stop at the first live one
			for n in $(ls -t "/tmp/ssh-$LOGNAME/" 2>/dev/null)
			do
				n=/tmp/ssh-$LOGNAME/$n
				export SSH_AUTH_SOCK=$n
				export SSH_AUTHENTICATION_SOCKET=$n
				if agentAlive ; then
					KEEP=$n
					break
				fi
			done
			export SSH_AUTH_SOCK=$KEEP
			export SSH_AUTHENTICATION_SOCKET=$KEEP
			if agentAlive ; then
				echo "Connected to (unregistered) Agent" >&2
			else
				# start a new agent and save its settings for later logins
				eval "$(ssh-agent -s 2>/dev/null | tee "$SSH_PARMS" \
						| grep -v '^echo ')"
				if agentAlive ; then
					echo New Agent started >&2
				else
					echo Cannot start the agent >&2
				fi
			fi
		fi
	fi
}


--
ssh@onsight.com            "But not denying it doesn't
   Systems and              make it true any more than
   Security Engineer        not confirming it makes it false."
http://www.onsight.com/
Every message PGP signed

--aVD9QWMuhilNxW9f
Content-Type: application/pgp-signature


--aVD9QWMuhilNxW9f--
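
Added example, not part of the original message or of ssh itself: for the cron case in the question, a job can pick up the agent recorded in the `agentparms` file that the function above writes, reading the socket path out of the file instead of dot-sourcing it and checking file and socket ownership first. It assumes the file holds `ssh-agent -s` output of the form `SSH_AUTH_SOCK=<path>; export SSH_AUTH_SOCK;`; the function names are hypothetical.

```shell
# Added example (not from the original message). Assumes the parms file
# holds "ssh-agent -s" output: SSH_AUTH_SOCK=<path>; export SSH_AUTH_SOCK;

# parms_file_safe FILE: succeed only if FILE is a regular file (not a
# symlink), owned by the current user, and not group/world-writable.
parms_file_safe() {
	[ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
	# in the ls -l mode string, chars 6 and 9 are group/other write bits
	case $(ls -ld "$1" | cut -c1-10) in
		?????w????|????????w?) return 1 ;;
	esac
	return 0
}

# agent_sock_from_parms FILE: print the saved SSH_AUTH_SOCK value.
# The file is parsed, never executed, so extra commands in it are inert.
agent_sock_from_parms() {
	parms_file_safe "$1" || return 1
	sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1)
	case $sock in
		/*) ;;			# must be an absolute path
		*) return 1 ;;
	esac
	case $sock in
		*[!A-Za-z0-9_./-]*) return 1 ;;	# reject shell metacharacters
	esac
	printf '%s\n' "$sock"
}

# use_saved_agent FILE: export SSH_AUTH_SOCK only if the saved path is a
# socket we own and ssh-add can list keys through it (a cron job cannot
# answer a passphrase prompt, so an unreachable agent is a failure).
use_saved_agent() {
	s=$(agent_sock_from_parms "$1") || return 1
	[ -S "$s" ] && [ -O "$s" ] || return 1
	SSH_AUTH_SOCK=$s ssh-add -l >/dev/null 2>&1 || return 1
	SSH_AUTH_SOCK=$s
	export SSH_AUTH_SOCK
}

# In the cron script, before the first ssh call:
#   use_saved_agent "$HOME/.ssh/agentparms" || exit 1
```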
