5

After a:

eval `ssh-agent -s`
ssh-add

I can log in to a "server" via ssh without pwd.

Question: But if I open a new gnome-terminal I have to do this again, why?

Using RHEL Desktop 6.6 with GNOME.

UPDATE #1: interesting, another RHEL Desktop doesn't run ssh-agent, it only needs an "ssh-add" per boot. But issuing an "ssh-add" on the "bad desktop" only gives an error message: "Could not open a connection to your authentication agent."

UPDATE #2: SSH_AUTH_SOCK is missing after a fresh reboot, maybe that is the problem?:

[user@notebook ~]$ env | grep SSH
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
[user@notebook ~]$ 
  • Actually gnome did the job (save ssh key) already, but I noticed gnome requires you to reboot once after ssh-add, otherwise you need ssh-add in each bash session "before reboot". This behaviour is confusing. – 林果皞 Nov 15 '17 at 09:43

3 Answers

4

ssh-add and ssh refer to a couple of environment variables to find the SSH agent to talk to: SSH_AGENT_PID and SSH_AUTH_SOCK. When you run

eval `ssh-agent -s`

ssh-agent outputs the values and your shell interprets them; they are set in the shell the command is run from, and that shell only. Thus when you start a new terminal, the new shell in that terminal doesn't have those variables set appropriately and ssh can't find the agent.

If you have both terminals running, you can run

env | grep SSH

in the terminal you started the agent from, and set the values given in the new terminal. Then ssh should find the agent in the second terminal.

A better solution though is to use the SSH agent integration in GNOME, as provided by gnome-keyring. I'm not sure how things are set up in RHEL Desktop, but you can try simply running ssh-add without starting the agent beforehand...

The GNOME keyring SSH documentation may be helpful; in particular, you may want to check whether the SSH Key Agent is enabled in your startup applications (in the GNOME properties).

Stephen Kitt
  • 434,908
1

ssh-agent -s returns a few environment variables to be set, like so:

SSH_AUTH_SOCK=/tmp/ssh-OIohiYiJShSO/agent.11139; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11140; export SSH_AGENT_PID;

While they carry over to processes launched from the shell these are set in, they do not apply to processes not launched from that shell. When you open a new gnome-terminal from the desktop or a menu, it is not launched via that shell, so it does not get the environment variables.

If you launch your new terminal from the shell you ran eval `ssh-agent -s` in, e.g. by typing gnome-terminal &, it will inherit the shell variables and it should work. Alternatively, you can call ssh-agent with a command, like so:

ssh-agent gnome-terminal &

It will then run that command with the necessary environment variables set.

marinus
  • 1,876
  • 13
  • 11
0

If "env | grep SSH" is bad (regarding missing SSH_AUTH_SOCK):

vi ~/.bashrc

# Use gnome-keyring's SSH agent socket (keyring socket path + ".ssh"), if present
if [ -n "$GNOME_KEYRING_SOCKET" ]; then
    export SSH_AUTH_SOCK="$GNOME_KEYRING_SOCKET.ssh"
fi
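
Added example, not part of any answer above: a ~/.bashrc fragment that lets every new terminal reuse one ssh-agent by caching the `ssh-agent -s` output the answers describe. The cache path ~/.ssh/agent.env and the function names are assumptions of this example; the cache is parsed rather than eval-ed, and a cached socket is accepted only if the current user owns it and an agent answers on it.

```shell
# Added example for ~/.bashrc; function names and cache path are hypothetical.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Print VAR's value from saved `ssh-agent -s` output. The file is parsed,
# not eval-ed, so a tampered cache file cannot run commands in the shell.
agent_env_get() {    # $1 = variable name, $2 = cache file
    sed -n "s/^$1=\([^;]*\);.*/\1/p" "$2" 2>/dev/null | head -n 1
}

# Succeed only if the cached socket exists, is a socket, belongs to us,
# and an agent answers on it (ssh-add -l exits 2 when it cannot connect).
agent_env_usable() { # $1 = cache file
    local sock rc=0
    sock=$(agent_env_get SSH_AUTH_SOCK "$1")
    [ -n "$sock" ] && [ -S "$sock" ] && [ -O "$sock" ] || return 1
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# Export SSH_AUTH_SOCK/SSH_AGENT_PID for this shell, starting a new agent
# only when no usable one is recorded in the cache file.
use_shared_agent() {
    # Keep an agent that is already provided (gnome-keyring, forwarding).
    if [ -n "$SSH_AUTH_SOCK" ] && [ -S "$SSH_AUTH_SOCK" ]; then return 0; fi
    if ! agent_env_usable "$AGENT_ENV"; then
        rm -f "$AGENT_ENV"
        # umask 077 creates the cache readable by its owner only; the file
        # is created before the agent starts so a write failure leaks none.
        (umask 077; : >"$AGENT_ENV" &&
            ssh-agent -s | grep -v '^echo' >>"$AGENT_ENV") || return 1
    fi
    SSH_AUTH_SOCK=$(agent_env_get SSH_AUTH_SOCK "$AGENT_ENV")
    SSH_AGENT_PID=$(agent_env_get SSH_AGENT_PID "$AGENT_ENV")
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# In ~/.bashrc, after these definitions, call:  use_shared_agent
```

Run ssh-add once in any terminal afterwards; later terminals pick up the same agent and its loaded keys.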