Hello lists,

For over a decade I've used windowmaker for my freebsd desktop. For easy ssh/sftp access to sites, before starting windowmaker with xinit, I run 'agent' which is a tcsh alias for the following:

    rm -f "$HOME"/.ssh/`hostname`.agent ; ssh-agent | grep -v echo > "$HOME"/.ssh/`hostname`.agent ; source "$HOME"/.ssh/`hostname`.agent ; ssh-add

it prompts me for my ssh keyphrase. Then I start xinit, and all windows subsequently opened in xorg/windowmaker have this key in their environment loaded. Connecting to another server is as easy as ssh name@server.

However, this does not happen if MATE is loaded from xinit. It is as if I had not loaded the key at all before starting MATE. I get this error:

    sign_and_send_pubkey: signing failed: agent refused operation

If I then run 'agent', prompts me for the keyphrase, then it works normally. But I have to repeat this in every single opened terminal.

What do I have to do to stop MATE from clobbering (or whatever it's doing - I don't know where to start with this) ssh-add?

for context: recent freebsd-stable/amd64 and ports

thanks,
-- 
J.

On 24/05/2018 10:41, tech-lists wrote:
> However, this does not happen if MATE is loaded from xinit. It is as if
> I had not loaded the key at all before starting MATE. I get this error:
>
> sign_and_send_pubkey: signing failed: agent refused operation
>
> If I then run 'agent', prompts me for the keyphrase, then it works
> normally. But I have to repeat this in every single opened terminal.
>
> What do I have to do to stop MATE from clobbering (or whatever it's
> doing - I don't know where to start with this) ssh-add?
>
> for context: recent freebsd-stable/amd64 and ports
>

MATE loads all of gnome-keyring, including the ssh-agent portion. This is an almost hard-coded behaviour; it cannot be disabled even in MATE's Startup Applications (where the different parts of gnome-keyring are present and enabled separately). The only way to disable gnome-keyring from loading at all and setting itself in the global MATE environment is through a dconf or gconf key that escapes me at the moment.

By default, gnome-keyring will ask for your SSH key passphrase (through pinentry) only on the first time you connect somewhere that uses it. It is then added and used just like ssh-add would.

-- 
Charlie Li
Can't think of a witty .sigline today?

(This email address is for mailing list use only; replace local-part with vishwin for off-list communication)

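As an added example (not part of the original messages), a POSIX sh check for the situation described above: it reads the file written by the 'agent' alias and reports whether the current terminal's SSH_AUTH_SOCK still points at that agent or has been replaced inside the session. The function names are made up for this example, and the socket paths shown in its comments are constructed.

```shell
#!/bin/sh
# Added example: is this terminal still using the ssh-agent that was
# started before xinit, or a socket set later by the desktop session?

# saved_sock FILE: print the SSH_AUTH_SOCK recorded in saved ssh-agent
# output. ssh-agent writes csh syntax under tcsh and Bourne syntax under
# sh, so both are accepted (constructed samples):
#   setenv SSH_AUTH_SOCK /tmp/ssh-AAAA/agent.100;
#   SSH_AUTH_SOCK=/tmp/ssh-BBBB/agent.200; export SSH_AUTH_SOCK;
saved_sock() {
    sed -n \
        -e 's/^setenv SSH_AUTH_SOCK \([^;]*\);.*/\1/p' \
        -e 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# agent_status FILE CURRENT: compare the saved socket with CURRENT
# (normally "$SSH_AUTH_SOCK") and print one of:
#   nosaved   FILE is missing or has no socket line
#   unset     the environment has no SSH_AUTH_SOCK at all
#   same      still the agent started before the session
#   replaced  something in the session pointed SSH_AUTH_SOCK elsewhere
agent_status() {
    [ -r "$1" ] || { echo nosaved; return; }
    want=$(saved_sock "$1")
    [ -n "$want" ] || { echo nosaved; return; }
    [ -n "$2" ] || { echo unset; return; }
    if [ "$2" = "$want" ]; then echo same; else echo replaced; fi
}

# report FILE: diagnosis for the shell this script is run from.
report() {
    st=$(agent_status "$1" "${SSH_AUTH_SOCK:-}")
    echo "status: $st"
    echo "current SSH_AUTH_SOCK: ${SSH_AUTH_SOCK:-<unset>}"
    case $st in
        replaced|unset)
            echo "saved   SSH_AUTH_SOCK: $(saved_sock "$1")"
            echo "to reuse the earlier agent here, load $1 again"
            echo "(tcsh: source FILE, sh: . FILE) instead of starting a new one" ;;
    esac
}

# Default path is the file written by the 'agent' alias in the first message.
report "${1:-$HOME/.ssh/$(hostname).agent}"
```
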
24.05.2018 21:41, tech-lists wrote:
> If I then run 'agent', prompts me for the keyphrase, then it works normally. But I have to repeat this in every single opened terminal.

You may like the security/keychain port (or package). I use it because of its universal way to run ssh-agent: no matter what DE or window manager you use and how you start it, or not at all, working in ssh or console only.

One just adds a single line to one's login shell script, for bash it is ~/.bash_login:

    eval `keychain --eval $HOME/.ssh/id_rsa $HOME/.ssh/id_ed25519 $HOME/.ssh/id_dsa`

The first time after the machine reboots (sic!) it asks you for the passphrase (if needed) when you log in starting an interactive login shell (no matter which way: ssh/X/console) and that's all. It won't ask you again until the next reboot, or an ssh-agent reset by some other way. You may even disconnect completely and it reuses the started ssh-agent next time you log in again.