SUMMARY (followup): Re: starting CDE inside ssh-agent

From: Adam and Christine Levin (levins@westnet.com)
Date: Thu Dec 16 1999 - 10:05:48 CST


I was asked to repost my summary with all of the responses I received,
so here they are with '---' separators (plus a few late entries :) ):

Craig Ledbetter <cledbett@homeaccount.com>:
You may want to try running /usr/dt/bin/dtsession from inside ssh-agent.
I use that command to startup CDE inside virtual X servers for use with
vnc. I ran into the same 'not quite the same' problem that you are
talking about, but running dtsession seemed to fix it.

---

Francisco Azinsan <francisco@vulpes.net>:
Try putting the following in your ~/.dtprofile

eval `ssh-agent -s`
ssh-add </dev/null

---

Dave McFerren <mcferren@colltech.com>:
I run kde on my machine, but the window manager isn't really important. Start your window manager in a script that was started using the ssh-agent. My .xinitrc file looks like this.

exec ssh-agent $HOME/.startkde

and my .startkde file looks like this...

#!/bin/sh
#
# DEFAULT KDE STARTUP SCRIPT ( KDE-1.1.2 )
# Modified for Red Hat Linux 6.x

# start early for visual feedback
kbgndwm &

# clean up old kde /tmp files that belong to the user
for file in /tmp/kfm_* /tmp/kio*; do
  if [ -O $file ]; then
    rm -fr $file
  fi
done

# start autorun daemon if available and not already running
if [ -x /usr/bin/autorun ]; then
  /sbin/pidof 2>/dev/null >/dev/null autorun || \
    /usr/bin/autorun --interval=1000 \
      --cdplayer=/usr/bin/kscd &
fi

# set up user environment if not present
# check for space on /tmp and $HOME and for write access
# error exit, if not
space_tmp=`df /tmp | xargs | cut -d" " -f11`
space_home=`df $HOME | xargs | cut -d" " -f11`

if [ $space_tmp -lt 50 ]; then
  echo Not enough free disk space on /tmp
  exit 1
fi

if [ $space_home -lt 25 ]; then
  echo Not enough free disk space on $HOME
  exit 1
fi

testfile=KDE_$$.testfile

if ! echo TEST_TEXT >/tmp/$testfile 2>/dev/null ; then
  echo "Have no write permissions for /tmp"
  exit 1
fi
rm -f /tmp/$testfile

if ! echo TEST_TEXT >$HOME/$testfile 2>/dev/null ; then
  echo "Have no write permissions for $HOME"
  exit 1
fi
rm -f $HOME/$testfile

# create necessary directories/files
if [ ! -d $HOME/Desktop ]; then
  cp -a /etc/skel/Desktop $HOME
fi

if [ ! -f $HOME/.kderc ]; then
  cp -a /etc/skel/.kderc $HOME
fi

f=$HOME/.kde/share/apps/kfm/magic
[ -f $f ] || dd if=/dev/random bs=1 count=16 | md5sum > $f

# initialize settings
kcontrol -init

# Start the common desktop tools in the background.
# The sleeps reduce disk usage during startup.
# kaudioserver will put itself in the background automagically.

# Only start up sound services if there is a soundcard configured.
. /etc/sysconfig/sound
if [ "$CARDTYPE" != "" ]; then
  sleep 1 ; kaudioserver
  (sleep 1 && exec kwmsound) &
fi

# automatically determine bit depth
bpp=`/usr/X11R6/bin/xdpyinfo | grep "depths.*:.*8"`
if [ ! "$bpp" = "" ]; then
  (sleep 1 && exec kfm -ncols 96) &
else
  (sleep 1 && exec kfm) &
fi

(sleep 1 && exec krootwm) &
(sleep 1 && exec kpanel) &
(sleep 1 && exec ssh-add) &

# finally, give the session control to the window manager

sleep 2 ; exec kwm
--------------------------------------

Note that the important line is the one that runs the ssh-add. This means that when you execute or start the X, it is run INSIDE the ssh-agent. The ssh-add prompts me for a password as the gui comes up, and you only have to type it once per X session. The ssh-agent actually holds the passphrase you type, and you can ssh to any machine WHILE WITHIN THE GUI without retyping your passphrase.

I have used it on solaris and linux on kde, gnome, cde, xfce, fvwm and other window managers.

---

John D Groenveld <jdg117@elvis.arl.psu.edu>:
grep 'Dtlogin\*session' /etc/dt/config/Xconfig
Dtlogin*session: /etc/dt/bin/Xsession.ssh

cat /etc/dt/bin/Xsession.ssh
#!/bin/sh
if [ -d $HOME/.ssh -a -f $HOME/.ssh/identity ]; then
  exec /opt/ssh/bin/ssh-agent /usr/dt/bin/Xsession "$@"
else
  /usr/dt/bin/Xsession
fi

cat $HOME/.dt/sessions/sessionetc
#!/bin/sh
# ssh-add .ssh/identity
if [ -f .ssh/identity ]; then
  (ssh-add < /dev/null &)
fi

---

Bryan Blackburn <blb@pobox.com>:
What I've done is edit two files (copying them to /etc/dt/config first):

Xconfig - point it to my modified Xsession by adding the line

Dtlogin*session: /etc/dt/config/Xsession

Xsession - run ssh-agent by adding it to the $dtstart_shell piece; change (just about the end of Xsession)

*)
    $dtstart_shell -c " \
        unset DT; \
        DISPLAY=$DISPLAY_HOLD; \
        $dtstart_dtsession_res_tty; \
        $dtdbcache; \
        PATH=/usr/dt/bin:\$PATH:/usr/openwin/bin $tooltalk; \
        $startup >> $dtstart_sessionlogfile 2>&1"
    ;;

to be

*)
    $dtstart_shell -c " \
        unset DT; \
        DISPLAY=$DISPLAY_HOLD; \
        $dtstart_dtsession_res_tty; \
        $dtdbcache; \
        PATH=/usr/dt/bin:\$PATH:/usr/openwin/bin $tooltalk; \
        /usr/local/bin/ssh-agent $startup >> $dtstart_sessionlogfile 2>&1"
    ;;

This'll cause the ssh-agent X window to pop up when someone logs on. This also gets the important env information propagated to all other windows, which I believe is the nice convenience you're looking for.

---

Mic Kaczmarczik <mic@uts.cc.utexas.edu>:
I missed your original post and only caught the summary... One of the guys in my group wrote a guide to using ssh-agent under X, http://www.utexas.edu/cc/services/unix/using-ssh-agent.html

It says you can run ssh-agent in .dtprofile if you close off standard input using the magic syntax "<&-":

PATH=$PATH:/usr/local/bin; export PATH
eval `/usr/local/bin/ssh-agent -s`
eval `/usr/local/bin/ssh-add <&-`

This input redirection causes ssh-add to display an X window in order to get your passphrase.

Although the guide doesn't mention this, you can run the ssh-add in the background. I do this in my own setup to avoid hanging the entire CDE startup if I don't type in the passphrase right away. As long as you complete the passphrase before you start up any ssh commands, it all works fine.

BTW, the guide also says you can kill off ssh-agent at logout using .dt/sessions/sessionexit:

/usr/local/bin/ssh-agent -k
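
---

All of the replies above depend on SSH_AUTH_SOCK and SSH_AGENT_PID being inherited by every window in the session. The following is an added example, not code from any of the posters: a check of the agent a start-up script has inherited, and a wrapper that starts a new agent only when that one is unusable. The function names agent_state and start_session are hypothetical, and the exit codes assumed for "ssh-add -l" are OpenSSH's (0 keys listed, 1 agent has no keys, 2 agent unreachable).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSH's ssh-add exit codes.

# Classify the agent this shell inherited.
# Prints one of: none | stale | foreign | empty | loaded
agent_state() {
    sock=${SSH_AUTH_SOCK:-}
    # No variable at all: the session was not started inside ssh-agent.
    [ -n "$sock" ] || { echo none; return 0; }
    # A restored session or copied environment can carry the path of an
    # agent that has already exited.
    [ -S "$sock" ] || { echo stale; return 0; }
    # Never talk to an agent socket that belongs to another user.
    [ -O "$sock" ] || { echo foreign; return 0; }
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;   # agent reachable, at least one key
        1) echo empty ;;    # agent reachable, ssh-add still has to run
        *) echo stale ;;    # socket exists but nothing answers on it
    esac
}

# Hypothetical wrapper for .xinitrc or an Xsession script, e.g.
#   start_session /usr/dt/bin/Xsession "$@"
# It reuses a working agent instead of nesting a second one, and clears
# leftover variables so no child inherits a dead or foreign socket.
start_session() {
    case $(agent_state) in
        loaded|empty)
            exec "$@" ;;
        *)
            unset SSH_AUTH_SOCK SSH_AGENT_PID
            exec ssh-agent "$@" ;;
    esac
}
```

Running agent_state from a terminal opened inside the desktop shows whether the environment really propagated; "empty" means the agent is there but the backgrounded ssh-add has not been answered yet.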


