[CentOS] keychain problem
bluethundr
bluethundr at gmail.com
Sun Jan 16 01:12:34 UTC 2011
Hello and thanks for your reply!

Well I took your advice and removed that keychain scriptlet from
.bashrc and put it into .bash_profile. Not sure what the functional
difference between the two would be. Perhaps you would care to
elaborate? I know that rc stands for "resource configuration" but
other than that I don't know why this statement would be more
appropriate in the .bash_profile. However you do seem well versed in
this and I hope you don't mind answering this question.

So this is what I put into my .bash_profile:

$(keychain --eval --agents ssh id_rsa)

and here is an ssh session from after when I did this:

[bluethundr at LCENT01:~]#bash
[bluethundr at LCENT01:~]#ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-cBwwRR5466/agent.5466; export SSH_AUTH_SOCK;
SSH_AGENT_PID=5467; export SSH_AGENT_PID;
echo Agent pid 5467;
[bluethundr at LCENT01:~]#ssh-add
Could not open a connection to your authentication agent.
[bluethundr at LCENT01:~]#exec ssh-agent bash
[bluethundr at LCENT01:~]#ssh-add
Enter passphrase for /home/bluethundr/.ssh/id_rsa:
Identity added: /home/bluethundr/.ssh/id_rsa (/home/bluethundr/.ssh/id_rsa)

So this behavior did not change. I still have to enter my passphrase
again after I put this into my .bash_profile.

[bluethundr at LCENT01:~]#ssh virt1
Last login: Sat Jan 15 11:51:08 2011 from 192.168.1.42
#########################################################
# SUMMITNJHOME.COM #
# TITLE: LB1 BOX #
# HOST: VIRTCENT01 #
# LOCATION: SUMMIT BASEMENT #
#########################################################
* keychain 2.7.0 ~ http://www.funtoo.org
* Found existing ssh-agent: 27556
* Adding 1 ssh key(s): /home/bluethundr/.ssh/id_rsa
Enter passphrase for /home/bluethundr/.ssh/id_rsa:
Bad passphrase, try again for /home/bluethundr/.ssh/id_rsa:
* ssh-add: Identities added: /home/bluethundr/.ssh/id_rsa

This is new... now I get prompted for the passphrase AGAIN once I reach
the server I am ssh'ing in to.

I should point out that I am operating from a shared NFS mounted home directory.

-bash: SSH_AUTH_SOCK=/tmp/ssh-Tqzln27555/agent.27555;: No such file or directory
[bluethundr at VIRTCENT01:~]#ssh virt2
ssh: connect to host virt2 port 22: No route to host
[bluethundr at VIRTCENT01:~]#ssh sum2
Enter passphrase for key '/home/bluethundr/.ssh/id_rsa':
Enter passphrase for key '/home/bluethundr/.ssh/id_rsa':
Last login: Sat Jan 15 10:54:51 2011 from 192.168.1.50
#########################################################
# SUMMITNJHOME.COM #
# TITLE: SUM2 BOX #
# HOST: LCENT02 #
# LOCATION: SUMMIT BASEMENT #
#########################################################
* keychain 2.7.0 ~ http://www.funtoo.org
* Starting ssh-agent...
* Adding 1 ssh key(s): /home/bluethundr/.ssh/id_rsa
Enter passphrase for /home/bluethundr/.ssh/id_rsa:
* ssh-add: Identities added: /home/bluethundr/.ssh/id_rsa
-bash: SSH_AUTH_SOCK=/tmp/ssh-JGlcJj6111/agent.6111;: No such file or directory

Well it seems that I am still trying to figure this situation out. If
you have any further insight into what may be going on here I would
certainly appreciate your input.

On Sat, Jan 15, 2011 at 6:15 PM, Cameron Kerr <cameron at humbledown.org> wrote:
>
> On 16/01/2011, at 11:56 AM, Cameron Kerr wrote:
>
> On 16/01/2011, at 5:22 AM, bluethundr wrote:
>
> I have this line in my .bashrc file
>
> $(keychain --eval --quick --quiet private_key1 private_key2 private_key3)
>
> Should not this go into your ~/.bash_profile?
>
> (disclaimer: I've not used the 'keychain' program before)
>
>
> According to the docs for keychain, it should look something more like the
> following:
>
> eval `keychain --eval --agents ssh id_dsa`
>
> The 'eval' at the start is probably more important than you think... I noted
> myself that the following are quite different in a bash script I was working
> on:
>
> "$@"
> eval "$@"
>
> (only the latter works, the former ended up not doing anything in a
> #!/bin/bash script)
> https://github.com/funtoo/keychain and
> http://www.funtoo.org/en/security/keychain/intro/ for more information
> regarding keychain. You might also like adding || exit 1 or similar to
> the 'eval' call, for debugging, as shown in the docs.
--
GPG me!!
gpg --keyserver pgp.mit.edu --recv-keys F186197B
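
Added example, not part of the original messages: a sketch of why a bare `$(keychain --eval ...)` produces the `-bash: SSH_AUTH_SOCK=...;: No such file or directory` line in the sessions above, while the `eval` form from the quoted reply sets the agent variables. `fake_agent_output`, the socket path and the PID are constructed stand-ins for real agent output, and the helper function names are hypothetical.

```sh
#!/bin/sh
# fake_agent_output is a constructed stand-in for what `ssh-agent` or
# `keychain --eval` prints; path and PID are made up, no agent is started.
fake_agent_output() {
    echo 'SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1234; export SSH_AUTH_SOCK;'
    echo 'SSH_AGENT_PID=1235; export SSH_AGENT_PID;'
}

# Case 1: run the program and only read its output (like typing `ssh-agent`
# at the prompt). The calling shell's environment does not change.
run_printed() (
    unset SSH_AUTH_SOCK
    fake_agent_output >/dev/null
    echo "sock=${SSH_AUTH_SOCK:-unset}"
)

# Case 2: bare $( ... ). The output is word-split and the first word,
# "SSH_AUTH_SOCK=/tmp/...;", is looked up as a command. Assignments are
# recognised before expansion, so it is never treated as one; because the
# word contains a slash the shell tries to execute it as a path and fails.
run_bare() (
    unset SSH_AUTH_SOCK
    rc=0
    $(fake_agent_output) 2>/dev/null || rc=$?
    echo "rc=$rc sock=${SSH_AUTH_SOCK:-unset}"
)

# Case 3: eval re-parses the text as shell code, so the assignments, the
# ';' separators and the exports all take effect in this shell.
run_eval() (
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    eval "$(fake_agent_output)" || exit 1
    echo "sock=$SSH_AUTH_SOCK pid=$SSH_AGENT_PID"
)

# Check worth running after the eval: a set variable is not proof of a
# live agent, the path must also be an existing socket on this host.
sock_state() {
    if [ -S "$1" ]; then echo socket; else echo missing; fi
}

echo "printed: $(run_printed)"
echo "bare:    $(run_bare)"
echo "eval:    $(run_eval)"
echo "socket:  $(sock_state /tmp/ssh-EXAMPLE/agent.1234)"
```
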