Ok, it’s time to start adding technical notes to my website before I forget how to do it. With everyone using SSH (Secure Shell) as a standard method of communicating between hosts, it’s always useful to bypass entering a password every time you want to log in. Now, I still use CDE at work but I want to be able to SSH between hosts without entering a password.
Ok, let’s generate a key pair protected by a passphrase:
[andharr@sr1-egmp-01:~]$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/andharr/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/andharr/.ssh/id_rsa.
Your public key has been saved in /home/andharr/.ssh/id_rsa.pub.
The key fingerprint is:
1b:73:fc:02:2f:9b:fe:c6:99:13:a3:23:e4:e1:9a:a1 andharr@sr1-egmp-01
Let’s register the key with ssh-agent:
[andharr@sr1-egmp-01:~]$ ssh-add
Enter passphrase for /home/andharr/.ssh/id_rsa:
Identity added: /home/andharr/.ssh/id_rsa (/home/andharr/.ssh/id_rsa)
[andharr@sr1-egmp-01:~]$ ssh-add -l
2048 1b:73:fc:02:2f:9b:fe:c6:99:13:a3:23:e4:e1:9a:a1 /home/andharr/.ssh/id_rsa (RSA)
Let’s copy our public key into the authorized_keys file (in my home .ssh directory) and make sure it’s got the right file permissions:
[andharr@sr1-egmp-01:~]$ cat /home/andharr/.ssh/id_rsa.pub >> /home/andharr/.ssh/authorized_keys
[andharr@sr1-egmp-01:~]$ chmod 600 /home/andharr/.ssh/authorized_keys
In .dtprofile we need to make sure that dtsession starts with ssh-agent running, so all subsequent sessions have ssh-agent invoked:
### Errors in .dtprofile or .profile (.login) may prevent a successful
### login. If so, log in via the Fail-safe session and correct the error.
###
#if [ "$SSH_AUTH_SOCK" = "" -a -x /usr/bin/ssh-agent ]; then
#    eval `/usr/bin/ssh-agent`
#fi

# Run the whole CDE session as a child of ssh-agent when a key exists
if [ -f "$HOME/.ssh/id_rsa" -a -x /usr/bin/ssh-agent ]; then
    dtstart_session[0]="/usr/bin/ssh-agent /usr/dt/bin/dtsession"

    ### We could always start up gnome or even enlightenment using this method (if we were unable to modify the server's window manager choices)
    #dtstart_session[0]="/usr/bin/ssh-agent /usr/bin/gnome-session"
    #dtstart_session[0]="/usr/bin/ssh-agent /home/andharr/e17/bin/enlightenment"
fi
Now, we should be able to add the following to $HOME/.dt/sessions/sessionetc:
# Let’s fire up a window to enter my keypass
if [ -f /usr/bin/ssh-add ]; then
    /usr/bin/ssh-add < /dev/null &
fi
However, due to changes between Solaris 9 and Solaris 10 we then hit bug 6192335 – “askpass client for ssh-add missing”, so we have to work around it by using our own ssh-askpass, which I’ve nabbed from here.
So we’ll have to amend sessionetc:
# Let’s fire up a window to enter my keypass
if [ -f /usr/bin/ssh-add ]; then
    # ssh-add has no terminal here, so it runs the program named in SSH_ASKPASS
    export SSH_ASKPASS="/home/andharr/bin/x11-ssh-askpass"
    /usr/bin/ssh-add < /dev/null &
fi
We also need to add the following to $HOME/.dt/sessions/sessionexit:
# Kill the agent that was started for this session
if [ "$SSH_AGENT_PID" != "" -a -x /usr/bin/ssh-agent ]; then
    /usr/bin/ssh-agent -k
fi
So at least when I log into my CDE session I’ll be prompted for my passphrase, the key will get registered with ssh-agent, and I’ll be able to ssh to any system that uses my home directory on the same name service.
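The “right file permissions” step matters because sshd with StrictModes enabled ignores an authorized_keys file when it or the .ssh directory is writable by group or other, and the ssh client refuses a private key that other users can access. The script below is an added example, not part of the original notes, that audits a .ssh directory for both conditions; the function names (mode_of, audit_ssh_dir, make_demo) and the throwaway demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the modes of the files created in the steps above.
# Mode strings are read from `ls -ld`, so no stat(1) command is required.

mode_of() { ls -ld "$1" | cut -c1-10; }

# Print one line per finding for the .ssh directory given as $1;
# return 0 when nothing was found, 1 otherwise.
audit_ssh_dir() {
    dir=$1 bad=0
    # The directory and authorized_keys must not be group- or world-writable.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        case $(mode_of "$f") in
            ?????w????|????????w?) echo "WRITABLE $f $(mode_of "$f")"; bad=1 ;;
        esac
    done
    # Private keys (any file with a matching .pub) must have no group/other bits.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        case $(mode_of "$key") in
            ????------) ;;
            *) echo "EXPOSED $key $(mode_of "$key")"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed demo input: a temporary directory laid out like ~/.ssh.
make_demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 700 "$d/.ssh" || return 1
    : > "$d/.ssh/id_rsa"; : > "$d/.ssh/id_rsa.pub"; : > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/id_rsa" "$d/.ssh/authorized_keys"
    echo "$d/.ssh"
}

demo=$(make_demo)
audit_ssh_dir "$demo" && echo "clean: $demo"
chmod 664 "$demo/authorized_keys"   # group-writable, as a loose umask would leave it
audit_ssh_dir "$demo" || echo "findings reported above"
rm -rf "${demo%/.ssh}"
```

To check a real account, call audit_ssh_dir "$HOME/.ssh" instead of the demo directory.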
Useful links
https://www.sshkeychain.org/mirrors/SSH-with-Keys-HOWTO/SSH-with-Keys-HOWTO-4.html
https://docs.sun.com/app/docs/doc/816-4557/6maosrjjh