OESF Portables Forum

Topic started by: aki on February 18, 2005, 04:28:28 pm

Title: Ssh-agent
Post by: aki on February 18, 2005, 04:28:28 pm
It would be nice to have ssh-agent/ssh-add  function like it does in X11, have it start up when Qtopia starts and prompt you for a passphrase so that you can ssh at will from the console.  

I set it up on ~/.profile, but then it starts a copy every time you open a terminal window.

Is it possible to fire it up when Qtopia starts up?
Title: Ssh-agent
Post by: Stubear on February 18, 2005, 09:23:19 pm
Sounds like you need something like keychain (http://www.gentoo.org/proj/en/keychain/index.xml)

It adds your keys the first time it starts and reuses ssh-agent if it's already running (more info here: http://www-106.ibm.com/developerworks/library/l-keyc2/)

Otherwise just write a script that checks if ssh-agent has already been run and if so don't run it again

Stu
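
The check-and-reuse script suggested in the post above (also what keychain does), as an added sketch that is not code from this thread or from keychain. The names `AGENT_ENV`, `SSH_AGENT_BIN`, `SSH_ADD_BIN`, `agent_alive` and `agent_attach` are assumptions made for this example.

```shell
#!/bin/sh
# Added sketch: share one ssh-agent across terminals instead of one per shell.
# AGENT_ENV, SSH_AGENT_BIN and SSH_ADD_BIN are names assumed for this example.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
SSH_AGENT_BIN="${SSH_AGENT_BIN:-ssh-agent}"
SSH_ADD_BIN="${SSH_ADD_BIN:-ssh-add}"

# "ssh-add -l" exits 0 (keys listed) or 1 (agent reachable, no keys);
# 2 means no agent answered on $SSH_AUTH_SOCK. Anything else is a failure.
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    rc=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Sets AGENT_STATUS to inherited, reused or started; returns non-zero on failure.
agent_attach() {
    # 1. An agent inherited from the parent (e.g. started before the GUI).
    if agent_alive; then AGENT_STATUS=inherited; return 0; fi

    # 2. An agent recorded by an earlier shell. Sourcing executes the file,
    #    so accept it only if it is a regular file we own, not a symlink.
    if [ -f "$AGENT_ENV" ] && [ ! -L "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ]; then
        . "$AGENT_ENV"
        if agent_alive; then AGENT_STATUS=reused; return 0; fi
    fi

    # 3. Stale or missing record: start one agent, save its variables 0600.
    (
        umask 077
        rm -f "$AGENT_ENV"
        mkdir -p "$(dirname "$AGENT_ENV")" &&
            "$SSH_AGENT_BIN" -s | grep -v '^echo' > "$AGENT_ENV"
    ) || return 1
    . "$AGENT_ENV"
    agent_alive || return 1
    AGENT_STATUS=started
}
```

Calling `agent_attach` from `~/.profile` gives every new terminal the same agent, so `ssh-add` has to be run only once per session.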
Title: Ssh-agent
Post by: aki on February 20, 2005, 07:01:39 pm
Quote
Otherwise just write a script that checks if ssh-agent has already been run and if so don't run it again

Stu
That won't work either.  Per its man page, ssh-agent needs to be run at the beginning of a login session so that all programs are started as clients of the (one) ssh-agent program.

Ideally, then, it needs to be run just before Qtopia starts, à la X11 land (via the .Xsessions file).

opie-sh-ssh-askpass would provide a dialog window to allow the entry of passphrases and can be run from an icon.

But how do you run ssh-agent just before the Qtopia environment starts?
Title: Ssh-agent
Post by: stupkid on February 20, 2005, 08:49:15 pm
Quote
But how do you run ssh-agent just before the Qtopia environment starts?

Edit the /opt/QtPalmtop/qpe.sh
Title: Ssh-agent
Post by: Stubear on February 21, 2005, 03:51:45 am
Quote
Quote
Otherwise just write a script that checks if ssh-agent has already been run and if so don't run it again

Stu
That won't work either.  Per its man page, ssh-agent needs to be run at the beginning of a login session so that all programs are started as clients of the (one) ssh-agent program.

Try keychain then.

I've been using it on my desktop system since 2000. I only have to give my passwords once per boot; I can log out and log back in or even start another session and then still ssh without giving my password again. It also does gpg-agent but I don't sign a lot of stuff so I haven't bothered setting it up.

I used to run keychain on my Z but lost it in a reflash and never got around to putting it back on as I generally only ssh onto the Z not from it.

Stu
Title: Ssh-agent
Post by: andrewmaier on February 21, 2005, 11:35:37 am
Quote
Try keychain then.

I've been using it on my desktop system since 2000. I only have to give my passwords once per boot; I can log out and log back in or even start another session and then still ssh without giving my password again. It also does gpg-agent but I don't sign a lot of stuff so I haven't bothered setting it up.

I used to run keychain on my Z but lost it in a reflash and never got around to putting it back on as I generally only ssh onto the Z not from it.

Stu

I just downloaded it and packaged it as an ipk; it can be downloaded from
http://cern.ch/andrew/zaurus. I have not done much testing though.

Looks ok to me, let me know if there is something seriously wrong.

Enjoy,

Andrew
Title: Ssh-agent
Post by: aki on February 21, 2005, 09:24:34 pm
Quote
Edit the /opt/QtPalmtop/qpe.sh

Quote
Quote

Try keychain then.

I've been using it on my desktop system since 2000. I only have to give my passwords once per boot; I can log out and log back in or even start another session and then still ssh without giving my password again. It also does gpg-agent but I don't sign a lot of stuff so I haven't bothered setting it up.

I used to run keychain on my Z but lost it in a reflash and never got around to putting it back on as I generally only ssh onto the Z not from it.

Stu

I just downloaded it and packaged it as an ipk; it can be downloaded from
http://cern.ch/andrew/zaurus. I have not done much testing though.

Looks ok to me, let me know if there is something seriously wrong.

Enjoy,

Andrew

Thanks for the help guys!
Starting ssh-agent from qpe.sh may work.
And I will try keychain too, and report the results.
Title: Ssh-agent
Post by: aki on March 10, 2005, 08:47:23 pm
After much experimentation, I can finally report success reproducing the functionality of keychain on Linux! i.e., enter a passphrase once and it is fetched automatically.

Here's how it works:
1. Click on the Keychain icon
2. An opie-sh message box opens for you to type in a passphrase
3. If the passphrase is correct, the output of keychain is displayed and then embeddedkonsole is opened.  You can then open multiple terminal windows and ssh & scp at will.  The ssh-agent is killed when embeddedkonsole is closed.
4. Nothing happens if the passphrase entered is incorrect.

Here is the ipk (http://www.akiaki.org/zaurus/feed/zkeychain_2.51_arm.ipk)
You also need:
openssh-client
opie-sh
opie-sh-ssh-askpass
opie-embeddedkonsole

All these should be available on ZSI2 or you can get it on my feed (http://www.akiaki.org/zaurus/feed)

Please reply if you have any problems.  
It should be plug & play if you have all packages installed properly.
Title: Ssh-agent
Post by: aki on March 10, 2005, 10:35:18 pm
Oooops, forgot to include keychain.png on the ipk.
Here (http://www.akiaki.org/zaurus/feed/zkeychain_2.51a_arm.ipk) is an updated ipk.
Also posted it on ELSI.
Title: Ssh-agent
Post by: aki on March 26, 2005, 01:05:35 pm
Just got a new version out.  Includes functionality to configure and start encrypted tunnels for SMTP, POP3, HTTP and VNC traffic.  Check out this thread (https://www.oesf.org/forums/index.php?showtopic=11220&pid=72375&st=0&#entry72375)
You can download the new version here (http://www.akiaki.org/zaurus/zkeychain/index.html)