Date:      Fri, 04 Jun 2010 07:56:31 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Cc:        Steve Franks <bahamasfranks@gmail.com>
Subject:   Re: x11/xfce ssh-agent once per logon for minimal (no gnome/kde) installation
Message-ID:  <4C08A39F.5@infracaninophile.co.uk>
In-Reply-To: <AANLkTinH9tyjtehPBvzeixTW8oMUOCvWKqIU8l39shVY@mail.gmail.com>
References:  <AANLkTinH9tyjtehPBvzeixTW8oMUOCvWKqIU8l39shVY@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/06/2010 24:39:46, Steve Franks wrote:
> I'm totally lost.  What I desire is to put in my passphrase for my
> public key(s) when I logon to my box.  Since I usually install from
> ports and use xfce, I have no infrastructure for this, and I'm getting
> nowhere fast.  My Fedora box popped up a nice little "enter
> passphrase" box the very first time I ssh'd to my server, and now it
> 'just works'.  My FreeBSD boxes (which are many - everything *but* the
> laptop with Fedora), 'just don't work'.  I've installed everything
> with 'ssh'  and either 'key' or 'agent' in the name from
> ports/security, and gone through the manpages, and tweaked countless
> environment variables, but every time I ssh on a FreeBSD box, it
> stubbornly locates the terminal I started any gui's from (i.e. meld +
> bzr), and asks for the passphrase a great many times daily.  Add that
> I've started my gui with meld& (so as to continue using said terminal
> - don't love 'panels', 'choosers', 'menus', etc - guis are for word
> processors and file managers, not desktops), I can't even type in the
> passphrase there.  I  generally like using FreeBSD caveman style, but
> this is starting to drive me nuts.  No meld/bzr==no work from home==no
> happiness ;)
> 
> Anyone have a 'standard' / FreeBSD-friendly best-practices for this?
> I think I'm just cluttering up my system here.

The problem you have is that you need to start ssh-agent(1) somewhere
very early in your login process, so that your entire desktop
environment can inherit all the necessary ssh-agent settings.

Exactly what to do depends on how you get into X11.  If you run
startx(1) manually when you want to switch from console to X11 then you
need to edit your ~/.xinitrc

Alternatively, if you use a display manager like xdm(1) -- ie. there's
an X based graphical login -- then you have two choices: edit your
~/.xsession or tweak the pam configuration for your login manager.

If you want to go the 'edit .xinitrc or .xsession' route then you need
to do basically the same thing for either of those two files.  They're
pretty much just scripts that start up the initial X applications for
your login session: practically speaking, that means starting up your
window manager.  It's possible you don't have either of those files
explicitly in your account: in either case the system will run a
standard default script if it can't find a user specific version.

The .xinitrc or .xsession file should look something like this:

#!/bin/sh

# Import user environment settings
. ${HOME}/.profile

eval $( ssh-agent -s )

# Eg. pop up an xterm so you can enter your ssh passphrase
xterm -geometry 80x24-91+0 -e /usr/bin/ssh-add -c ${HOME}/.ssh/id_rsa &

# Note: no '&' -- this should run in the foreground
xfce

eval $( ssh-agent -k )
#
# That's All Folks!
#

This is just a rough outline, which you should adapt to your own needs
-- in particular there are nicer apps you can use for entering a
passphrase.  Also note that you can probably omit that bit from the
.xinitrc or .xsession and have your window manager run it.  In any case,
the important bits are the two 'eval' lines bracketing the
window-manager startup.

The other possibility -- which is only available if you are using a
display manager like xdm(1) -- is tweaking the pam settings.  For xdm,
edit the file /etc/pam.d/xdm and uncomment the two lines mentioning
pam_ssh.  Now you will be able to log into your system via xdm using
your ssh passphrase, and xdm will start up ssh-agent for your session
and add your key to it.  Different display managers will have their own
pam.d files (either in /etc/pam.d or in /usr/local/etc/pam.d) but you
should be able to make equivalent changes there -- either uncomment or
add pam_ssh lines in the auth or session sections.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwIo58ACgkQ8Mjk52CukIxm/ACgjwPTgJjq8YjN/e1uwD9be2xj
vBcAoIQ8aP+1pyV/050ooHCr9yUFjuXh
=S7kV
-----END PGP SIGNATURE-----
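An added example, not from Matthew's post: an `.xsession`/`.xinitrc` skeleton built around the same two bracketing steps (start the agent before the window manager, kill it after), with two changes a defender would want. The two lines `ssh-agent -s` prints are extracted with `sed` and checked against the expected form instead of being passed to `eval`, and an agent inherited from the parent environment (for example an agent-forwarded `ssh -A` login) is reused rather than shadowed by a second one that would never be killed. The key path, the `xfce4-session` command, the `run` argument used to guard the session body, and the presence of an `ssh-askpass` program (needed for the `-c` confirmations in any case) are assumptions.

```shell
#!/bin/sh
# Added example (not code from the mailing-list post): an .xsession/.xinitrc
# skeleton.  Key path, session command and the 'run' guard are assumptions.

# Extract SSH_AUTH_SOCK and SSH_AGENT_PID from the text ssh-agent -s prints.
# Only the two documented assignment lines are accepted; nothing is eval'd,
# so a wrapper script or tampered output cannot inject commands.  Returns 1
# and exports nothing if either line is missing or malformed.
import_agent_env() {
    sock=$(printf '%s\n' "$1" |
        sed -n 's/^SSH_AUTH_SOCK=\([^;]*\); export SSH_AUTH_SOCK;$/\1/p')
    pid=$(printf '%s\n' "$1" |
        sed -n 's/^SSH_AGENT_PID=\([0-9]*\); export SSH_AGENT_PID;$/\1/p')
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    SSH_AUTH_SOCK=$sock; export SSH_AUTH_SOCK
    SSH_AGENT_PID=$pid;  export SSH_AGENT_PID
}

# True when the agent already in the environment is usable: the socket
# exists and the agent process is alive.  Lets the session reuse an
# inherited agent instead of starting (and later orphaning) a second one.
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
    [ -n "${SSH_AGENT_PID:-}" ] && kill -0 "$SSH_AGENT_PID" 2>/dev/null
}

# Session body.  It only runs when the script is invoked with the argument
# 'run' (assumed convention), so the functions above can also be sourced
# and exercised on their own.
if [ "${1:-}" = run ]; then
    # Import user environment settings
    . "${HOME}/.profile"

    started=0
    if ! agent_alive; then
        import_agent_env "$(ssh-agent -s)" || exit 1
        started=1
    fi

    # With no tty, ssh-add prompts through ssh-askpass.  -c makes every
    # later use of the key ask for confirmation, which limits what a
    # process that reaches the agent socket can do silently.
    ssh-add -c "${HOME}/.ssh/id_rsa" < /dev/null

    # No '&': the session lasts as long as the window manager runs.
    xfce4-session

    # Only kill the agent this session started; an inherited one belongs
    # to whoever started it.
    [ "$started" -eq 1 ] && ssh-agent -k > /dev/null
fi
```

The functions can be checked without X by feeding `import_agent_env` a captured copy of `ssh-agent -s` output and confirming that only well-formed assignment lines set the two variables.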

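A second added example, also not from the post, for the display-manager route: a small check that reports whether the pam_ssh lines in a PAM service file are active or still commented out, and a helper that uncomments the `auth` and `session` pam_ssh lines into a new file so the change can be diffed before it replaces the live configuration. The sample file is a constructed excerpt laid out like FreeBSD's `/etc/pam.d/xdm`; compare it against the real file on your system before relying on the line patterns.

```shell
#!/bin/sh
# Added example (not code from the mailing-list post).  The PAM excerpt
# below is constructed for the demonstration.

# Print every pam_ssh line of a PAM file, tagged as active or commented.
pam_ssh_status() {
    grep 'pam_ssh' "$1" | while IFS= read -r line; do
        case $line in
            \#*) printf 'commented: %s\n' "${line#\#}" ;;
            *)   printf 'active:    %s\n' "$line" ;;
        esac
    done
}

# Number of uncommented pam_ssh lines.  0 means the display manager will
# neither accept the ssh passphrase at login nor start an agent.
pam_ssh_active_count() {
    grep -c '^[^#]*pam_ssh' "$1" || :
}

# Uncomment the pam_ssh 'auth' and 'session' lines of $1, writing to $2.
# The original is left untouched: review the diff, then install the copy.
# Note that the 'auth sufficient' line lets the key passphrase alone log
# the user in, so its strength matters as much as the account password.
enable_pam_ssh() {
    sed -e 's/^#\(auth[[:space:]].*pam_ssh\.so\)/\1/' \
        -e 's/^#\(session[[:space:]].*pam_ssh\.so\)/\1/' "$1" > "$2"
}

# Constructed sample in the layout of FreeBSD's /etc/pam.d/xdm.
write_sample_pam() {
    cat > "$1" <<'EOF'
# auth
auth      sufficient  pam_opie.so        no_warn no_fake_prompts
auth      requisite   pam_opieaccess.so  no_warn allow_local
#auth     sufficient  pam_krb5.so        no_warn try_first_pass
#auth     sufficient  pam_ssh.so         no_warn try_first_pass
auth      required    pam_unix.so        no_warn try_first_pass

# session
#session  optional    pam_ssh.so         want_agent
session   required    pam_lastlog.so     no_fail
EOF
}

# Usage: pam_ssh_status /etc/pam.d/xdm
#        enable_pam_ssh /etc/pam.d/xdm /tmp/xdm.new && diff /etc/pam.d/xdm /tmp/xdm.new
```

Other display managers keep their service files under `/etc/pam.d` or `/usr/local/etc/pam.d`, as the post says; the same two functions apply as long as the file uses the standard `type control module args` layout.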

