ssh-agent falling over

Post by jimmy_mcnam.. » Fri, 18 Aug 2000 04:00:00



Hi Folks,

I am using ssh in a web based system to interact with an email web
server. I have set up ssh on startup of the system using the ssh-agent2
as follows:

#!/usr/bin/ksh
# Set up the ability to log into account without using a password or
# passphrase via ssh
# Your passphrase should be stored in a file called passphrase.


su - conexon -c "eval /usr/local/bin/ssh-agent2 >/install/conexon/bin/sshenvconexon"

su - conexon -c ". /install/conexon/bin/sshenvconexon; /usr/local/bin/ssh-add2 -p /export/home/conexon/.ssh2/id_dsa_1024_a </install/conexon/bin/passphrase"

. /install/conexon/bin/sshenvconexon

else

echo "KILLING"

kill -9 $SSH2_AGENT_PID

su - conexon -c "eval /usr/local/bin/ssh-agent2 >/install/conexon/bin/sshenvconexon"

su - conexon -c ". /install/conexon/bin/sshenvconexon; /usr/local/bin/ssh-add2 -p /export/home/conexon/.ssh2/id_dsa_1024_a </install/conexon/bin/passphrase"

. /install/conexon/bin/sshenvconexon

fi

This just kicks off the ssh-agent on startup, adds the private key using
ssh-add2 and adds the passphrase. The result is a system that can use
ssh to provide a non-interactive login to the web server. This has
worked fine, but I have noticed recently that the ssh-agent2 has died
a lot recently while the system is running. Anybody any ideas why the
agent would fall over, and is there any log file or diagnostics I can use
to find out why?

Jimmy


Post by Richard E. Silverm » Fri, 18 Aug 2000 04:00:00


    jimmy> I have noticed recently that the ssh-agent2 has died a lot
    jimmy> recently while the system is running. Anybody any ideas why the
    jimmy> agent would fall over and is there any log file or diagnostics
    jimmy> I can use to find out why.

* Run the agent in debug mode: "ssh-agent2 -d SshAgent=10 ..."

* Comment out the chdir("/") in ssh-agent2.c and make sure it can write
  into its working directory; then it will leave a core dump to examine if
  it's crashing.

  btw, it seems like a large oversight that ssh-agent2 does not call
  ssh_signals_prevent_core to prevent accidental core dumps from leaving
  plaintext keys lying around on disk.  The only thing that prevents core
  dumps in general with it now is the fact that it generally can't write
  into the root directory.

* Run it under trace/truss/strace, logging the output to a file.

Btw, if you're going to store the passphrase on disk, you might as well
just use an unencrypted key file and spare yourself some steps.  I assume
this agent is for some sort of unattended batch job, not interactive use
by a person, and that use of the key and the remote accounts to which it
has access is strictly limited.  Otherwise, this procedure of yours is
very insecure; you might just as well leave your passwords in a file in
your account named "passwords-here-please-hack-me.txt".

--
  Richard Silverman
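
Added example (not part of the thread and not ssh2 source code): one way a key-holding daemon can refuse to dump core explicitly, instead of depending on an unwritable working directory as the reply above describes. The helper names prevent_core_dumps and core_dumps_possible are hypothetical, and using setrlimit plus the Linux-only prctl call is an assumption about how such a guard is commonly built, not a description of ssh_signals_prevent_core.

```c
/* Added example, not ssh2 source: keep a key-holding daemon from dumping core. */
#include <stdio.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Hypothetical helper. Call it before any key or passphrase is read.
 * Returns 0 on success, -1 on failure (the caller should then refuse keys). */
int prevent_core_dumps(void)
{
    /* Zero both limits: with the hard limit at 0, an unprivileged
     * process (or a child that inherits it) cannot raise it again. */
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Linux only: mark the process non-dumpable, which also stops
     * unprivileged same-user processes from attaching with ptrace. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Returns 1 if this process could still write a core file, 0 if not,
 * -1 if the limit could not be read. */
int core_dumps_possible(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    if (rl.rlim_cur != 0 || rl.rlim_max != 0)
        return 1;
#ifdef __linux__
    if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 0)
        return 1;
#endif
    return 0;
}

int main(void)
{
    if (prevent_core_dumps() != 0) {
        perror("prevent_core_dumps");
        return 1;   /* fail closed: no keys are loaded without the guard */
    }
    printf("core dumps possible: %d\n", core_dumps_possible());
    return 0;
}
```

With this guard in place a crash has to be diagnosed from debug output or a system call trace, since no core file will be written.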


 
 
 

1. OpenSSH on Cygwin: ssh-add not recognizing ssh-agent

I'm new to OpenSSH. I'm using Cygwin on Windows98 to try to set up the
OpenSSH server, but I can't seem to get ssh-add to work. I've read the man
files, and they haven't helped. I've started ssh-agent, and then tried to
add the keys I created, but ssh-add comes back with the response "Could not
open a connection to your authentication agent."

Here's my session:
bash-2.04$ ssh 128.61.47.44
Pseudo-terminal will not be allocated because stdin is not a terminal.
Secure connection to 128.61.47.44 refused.
bash-2.04$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-hR814227/agent.814227; export SSH_AUTH_SOCK;
SSH_AGENT_PID=764251; export SSH_AGENT_PID;
echo Agent pid 764251;
bash-2.04$ ssh-add owens81
Could not open a connection to your authentication agent.
bash-2.04$ ssh-add
Could not open a connection to your authentication agent.

I also can see that ssh-agent is running in another program I have that
monitors what's running on my computer.

What could I be doing wrong? Based on what I've found on the Internet, I'm
doing everything right, yet it's not working.

--
Nathan Owens
Georgia Tech, Atlanta
