Bash – ssh-agent not getting set up (SSH_AUTH_SOCK, SSH_AGENT_PID env vars not set)

bash, kubuntu, ssh, ssh-agent

I set up a new user account for a friend on Kubuntu 12.04. When he uses ssh he gets this error:

Could not open a connection to your authentication agent

We're running ssh in some bash scripts.

After looking around at the wide variety of things that can lead to that error, I came across this solution:

$ eval `ssh-agent -s`
$ ssh-add ~/.ssh/some_id_rsa

Then he can run the ssh commands (and bash scripts) as expected.

Before running those two commands, the env variables are not set in a terminal:

$ echo $SSH_AGENT_PID

$ echo $SSH_AUTH_SOCK

$ 

After running the commands, the env variables are set as expected. However, they do not stay set (e.g., in a different shell or after rebooting).

I want to know how to set up his computer so he doesn't have to run those two commands to set the env variables. I do not need to run them on my computer (ever). So far I am not seeing what is different between our machines.

I see this info in the man page, but it does not tell me how Ubuntu is normally setting up the agent automatically or what is happening on my friend's machine so that this is not working for him.

There are two main ways to get an agent set up: The first is that the
agent starts a new subcommand into which some environment variables are
exported, eg ssh-agent xterm &. The second is that the agent prints the
needed shell commands (either sh(1) or csh(1) syntax can be generated)
which can be evalled in the calling shell, eg eval `ssh-agent -s` for
Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
csh(1) and derivatives.

After installing acct and rebooting, this is the output of lastcomm:

ssh-agent         F    newuser __         0.12 secs Wed Aug  7 11:02
ssh-agent         F    newuser __         0.00 secs Wed Aug  7 20:34
ssh-agent         F    newuser __         0.02 secs Wed Aug  7 20:02
ssh-agent         F    newuser __         0.01 secs Thu Aug  8 12:39
ssh-agent         F    newuser __         0.02 secs Thu Aug  8 07:45

From the man page:

F — command executed after a fork but without a following exec

I'm not sure if that is significant.

Best Answer

You mentioned your user is sshing in, not logging in locally. So the use-ssh-agent in /etc/X11/Xsession.options is a red herring: it won't be executed on SSH sessions, only when logging into an X11 GUI desktop locally (or using some virtual X11 session like over VNC or RDP).

Instead, you should check if libpam-ssh is installed on either system. It can be configured to authenticate a user using SSH private key passphrases, but that is optional and you'll need to specifically place the key in ~/.ssh/login-keys.d/ for that functionality.

Its other feature, though, is to auto-start an SSH agent on any login session and automatically add SSH private keys to the agent if their passphrase is the same as the user's login password. I'm thinking this might be the cause of the different behavior between your systems.
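
The following is an added diagnostic sketch, not part of the original question or answer. It checks the three things the answer points at: whether the shell is an SSH session or a local X11 login, whether SSH_AUTH_SOCK points at a live agent, and whether libpam-ssh is installed. The function names are hypothetical, and the package check assumes a dpkg-based system.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Which kind of login is this? sshd sets SSH_CONNECTION, so test it first:
# an SSH session with X11 forwarding also has DISPLAY set.
session_kind() {
    if [ -n "${SSH_CONNECTION:-}" ]; then echo ssh
    elif [ -n "${DISPLAY:-}" ]; then echo x11
    else echo console
    fi
}

# State of the agent as seen from this shell:
# unset | stale | unreachable | empty | loaded
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo unset; return 0; fi
    # Variable inherited, but no socket at that path any more.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then echo stale; return 0; fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;        # agent answers and holds at least one key
        1) echo empty ;;         # agent answers, no identities added
        *) echo unreachable ;;   # ssh-add could not contact the agent
    esac
}

# Is libpam-ssh installed? Assumes a dpkg-based system (Ubuntu/Debian).
pam_ssh_installed() {
    command -v dpkg-query >/dev/null 2>&1 || { echo unknown; return 0; }
    if dpkg-query -W -f='${Status}' libpam-ssh 2>/dev/null |
        grep -q 'install ok installed'; then echo yes
    else echo no
    fi
}

report() {
    echo "session:    $(session_kind)"
    echo "agent:      $(agent_state)"
    echo "libpam-ssh: $(pam_ssh_installed)"
}

report
```

Run it as each user on both machines and compare the three lines of output.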
