[CentOS] keychain problem

Sun Jan 16 01:12:34 UTC 2011
bluethundr <bluethundr at gmail.com>

Hello and thanks for your reply!

Well, I took your advice and removed that keychain scriptlet from
.bashrc and put it into .bash_profile. Not sure what the functional
difference between the two would be. Perhaps you would care to
elaborate? I know that rc stands for "resource configuration" but
other than that I don't know why this statement would be more
appropriate in the .bash_profile. However you do seem well versed in
this and I hope you don't mind answering this question.

So this is what I put into my .bash_profile:

$(keychain --eval --agents ssh id_rsa)

and here is an ssh session from after when I did this:

[bluethundr at LCENT01:~]#bash
[bluethundr at LCENT01:~]#ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-cBwwRR5466/agent.5466; export SSH_AUTH_SOCK;
SSH_AGENT_PID=5467; export SSH_AGENT_PID;
echo Agent pid 5467;
[bluethundr at LCENT01:~]#ssh-add
Could not open a connection to your authentication agent.
[bluethundr at LCENT01:~]#exec ssh-agent bash
[bluethundr at LCENT01:~]#ssh-add
Enter passphrase for /home/bluethundr/.ssh/id_rsa:
Identity added: /home/bluethundr/.ssh/id_rsa (/home/bluethundr/.ssh/id_rsa)

So this behavior did not change. I still have to enter my passphrase
again after I put this into my .bash_profile.


[bluethundr at LCENT01:~]#ssh virt1
Last login: Sat Jan 15 11:51:08 2011 from 192.168.1.42
#########################################################
#               SUMMITNJHOME.COM                        #
#               TITLE:       LB1 BOX                    #
#               HOST:        VIRTCENT01                 #
#               LOCATION:    SUMMIT BASEMENT            #
#########################################################

 * keychain 2.7.0 ~ http://www.funtoo.org
 * Found existing ssh-agent: 27556
 * Adding 1 ssh key(s): /home/bluethundr/.ssh/id_rsa
Enter passphrase for /home/bluethundr/.ssh/id_rsa:
Bad passphrase, try again for /home/bluethundr/.ssh/id_rsa:
 * ssh-add: Identities added: /home/bluethundr/.ssh/id_rsa

This is new... now I get prompted for the passphrase AGAIN once I reach
the server I am ssh'ing into.

I should point out that I am operating from a shared NFS mounted home directory.


-bash: SSH_AUTH_SOCK=/tmp/ssh-Tqzln27555/agent.27555;: No such file or directory
[bluethundr at VIRTCENT01:~]#ssh virt2
ssh: connect to host virt2 port 22: No route to host
[bluethundr at VIRTCENT01:~]#ssh sum2
Enter passphrase for key '/home/bluethundr/.ssh/id_rsa':
Enter passphrase for key '/home/bluethundr/.ssh/id_rsa':
Last login: Sat Jan 15 10:54:51 2011 from 192.168.1.50
#########################################################
#               SUMMITNJHOME.COM                        #
#               TITLE:       SUM2 BOX                   #
#               HOST:        LCENT02                    #
#               LOCATION:    SUMMIT BASEMENT            #
#########################################################

 * keychain 2.7.0 ~ http://www.funtoo.org
 * Starting ssh-agent...
 * Adding 1 ssh key(s): /home/bluethundr/.ssh/id_rsa
Enter passphrase for /home/bluethundr/.ssh/id_rsa:
 * ssh-add: Identities added: /home/bluethundr/.ssh/id_rsa

-bash: SSH_AUTH_SOCK=/tmp/ssh-JGlcJj6111/agent.6111;: No such file or directory

Well it seems that I am still trying to figure this situation out. If
you have any further insight into what may be going on here I would
certainly appreciate your input.


On Sat, Jan 15, 2011 at 6:15 PM, Cameron Kerr <cameron at humbledown.org> wrote:
>
> On 16/01/2011, at 11:56 AM, Cameron Kerr wrote:
>
> On 16/01/2011, at 5:22 AM, bluethundr wrote:
>
> I have this line in my .bashrc file
>
> $(keychain --eval --quick --quiet private_key1 private_key2 private_key3)
>
> Should not this go into your ~/.bash_profile?
>
> (disclaimer: I've not used the 'keychain' program before)
>
>
> According to the docs for keychain, it should look something more like the
> following:
> eval `keychain --eval --agents ssh id_dsa`
> The 'eval' at the start is probably more important than you think... I noted
> myself that the following are quite different in a bash script I was working
> on:
> "$@"
> eval "$@"
> (only the latter works, the former ended up not doing anything in a
> #!/bin/bash script)
> https://github.com/funtoo/keychain  and
> http://www.funtoo.org/en/security/keychain/intro/  for more information
> regarding keychain. You might also like adding    || exit 1   or similar to
> the 'eval' call, for debugging, as shown in the docs.



-- 
GPG me!!

gpg --keyserver pgp.mit.edu --recv-keys F186197B
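
Added example, not part of the original thread: it contrasts the bare `$(...)` form from the .bash_profile line above with the `eval` form recommended in the quoted reply, and reproduces the "No such file or directory" failure seen in the sessions. `fake_agent_output` is a constructed stand-in for what `ssh-agent` or `keychain --eval` prints; the socket path and PID are made-up sample values.

```shell
# Constructed stand-in for what `ssh-agent` or `keychain --eval` prints:
# shell source text on stdout. Printing it changes nothing in the caller.
fake_agent_output() {
    echo 'SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1234; export SSH_AUTH_SOCK;'
    echo 'SSH_AGENT_PID=1235; export SSH_AGENT_PID;'
}

# Bare substitution, as in the .bash_profile line from the message.
# Assignments are recognised before expansion, so the first expanded word
# "SSH_AUTH_SOCK=/tmp/...;" becomes a command name; it contains a slash,
# so the shell tries to execute it as a path and fails with status 127.
bare_substitution() {
    (
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        status=0
        $(fake_agent_output) 2>/dev/null || status=$?
        echo "status=$status sock=${SSH_AUTH_SOCK:-unset}"
    )
}

# eval re-parses the text as shell source, so the assignments and
# exports take effect in the current shell.
eval_substitution() {
    (
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        status=0
        eval "$(fake_agent_output)" || status=$?
        echo "status=$status sock=${SSH_AUTH_SOCK:-unset}"
    )
}

bare_substitution   # status=127 sock=unset
eval_substitution   # status=0 sock=/tmp/ssh-EXAMPLE/agent.1234
```

With the bare form SSH_AUTH_SOCK is never set in the login shell, so `ssh-add` and `ssh` cannot reach the agent and fall back to prompting for the key passphrase.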