I set up a new user account for a friend on Kubuntu 12.04. When he uses ssh he gets this error:
Could not open a connection to your authentication agent
We're running ssh in some bash scripts.
After looking around at the wide variety of things that can lead to that error, I came across this solution:
$ eval `ssh-agent -s`
$ ssh-add ~/.ssh/some_id_rsa
Then he can run the ssh commands (and bash scripts) as expected.
Before running those two commands, the env variables are not set in a terminal:
$ echo $SSH_AGENT_PID
$ echo $SSH_AUTH_SOCK
$
After running the commands, the env variables are set as expected. However, they do not stay set (e.g., in a different shell or after rebooting).
I want to know how to set up his computer so he doesn't have to run those two commands to set the env variables. I do not need to run them on my computer (ever). So far I am not seeing what is different between our machines.
I see this info in the man page, but it does not tell me how Ubuntu is normally setting up the agent automatically or what is happening on my friend's machine so that this is not working for him.
There are two main ways to get an agent set up: The first is that the
agent starts a new subcommand into which some environment variables are
exported, eg ssh-agent xterm &. The second is that the agent prints the
needed shell commands (either sh(1) or csh(1) syntax can be generated)
which can be evalled in the calling shell, eg eval `ssh-agent -s` for
Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
csh(1) and derivatives.
After installing acct and rebooting, this is the output of lastcomm:
ssh-agent F newuser __ 0.12 secs Wed Aug 7 11:02
ssh-agent F newuser __ 0.00 secs Wed Aug 7 20:34
ssh-agent F newuser __ 0.02 secs Wed Aug 7 20:02
ssh-agent F newuser __ 0.01 secs Thu Aug 8 12:39
ssh-agent F newuser __ 0.02 secs Thu Aug 8 07:45
From the man page:
F — command executed after a fork but without a following exec
I'm not sure if that is significant.
Best Answer
You mentioned your user is sshing in, not logging in locally. So the use-ssh-agent in /etc/X11/Xsession.options is a red herring: it won't be executed on SSH sessions, only when logging into an X11 GUI desktop locally (or using some virtual X11 session like over VNC or RDP).
Instead, you should check if libpam-ssh is installed on either system. It can be configured to authenticate a user using SSH private key passphrases, but that is optional and you'll need to specifically place the key in ~/.ssh/login-keys.d/ for that functionality.
Its other feature, though, is to auto-start an SSH agent on any login session and automatically add SSH private keys to the agent if their passphrase is the same as the user's login password. I'm thinking this might be the cause of the different behavior between your systems.
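A way to compare the two machines on the points raised above, as an added example that is not part of the original question or answer. It assumes libpam-ssh's module is referenced as pam_ssh.so under /etc/pam.d; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch: run it on both machines and compare the output.
# Paths are parameters so the checks can be pointed at test copies.

# State of the agent variables in this shell: unset, stale, or live.
agent_env_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
    elif [ -S "$SSH_AUTH_SOCK" ]; then
        echo live
    else
        echo stale   # variable inherited, but the agent socket is gone
    fi
}

# Does the X11 session start an agent? Only relevant to graphical logins.
# A "no-use-ssh-agent" line or a commented-out line does not count.
xsession_uses_agent() {
    grep -Eqs '^[[:space:]]*use-ssh-agent[[:space:]]*$' \
        "${1:-/etc/X11/Xsession.options}"
}

# Is the libpam-ssh module (pam_ssh.so) referenced by an active PAM line?
pam_ssh_configured() {
    grep -Ersq '^[[:space:]]*[^#[:space:]].*pam_ssh\.so' "${1:-/etc/pam.d}"
}

report() {
    echo "agent env in this shell: $(agent_env_state)"
    if xsession_uses_agent; then echo "Xsession use-ssh-agent: yes"
    else echo "Xsession use-ssh-agent: no"; fi
    if pam_ssh_configured; then echo "pam_ssh.so in /etc/pam.d: yes"
    else echo "pam_ssh.so in /etc/pam.d: no"; fi
}

report
```

A "stale" result means the variables were inherited from a session whose agent has exited, which produces the same "Could not open a connection" error as having no agent at all.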