Results 1 to 6 of 6

Thread: ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

  1. #1
    Join Date
    Jun 2008
    Location
    Kaneohe, HI
    Posts
    129

    Default ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

    I just updated to 12.3 from 12.1.

    With 12.1 I have ksshaskpass configured to request my passphrase. After I enter it the application functions as expected by passing my passphrase to every system I remotely log into.

    This isn't the case with 12.3, though. ksshaskpass requests my passphrase, I enter it and it appears to be accepted. However, each system I remotely log into still asks for my passphrase.

    I found the thread at https://forums.opensuse.org/english/...t-working.html which shed some light on the issue. That being that if I manually run ssh-add I am then able to remotely log into each server cleanly without needing to re-enter my passphrase.

    The suggestion made by nrickert was less helpful. I added the entries to my .profile as was suggested, but this did not help. Specifically, my .profile seems to be getting overridden by the system variable which is set to /usr/lib/ssh/ssh-askpass instead of what I set (again, per the suggestion: /usr/lib/ssh/ksshaskpass). I suspect that is playing a big part in this.

    ssh-agent is starting as per my .bash_profile:
    Code:
    SSH_ENV="$HOME/.ssh/environment"
    
    function start_agent {
         echo "Initialising new SSH agent..."
         /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
         echo succeeded
         chmod 600 "${SSH_ENV}"
         . "${SSH_ENV}" > /dev/null
         /usr/bin/ssh-add;
    }
    
    
    # Source SSH settings, if applicable
    
    
    if [ -f "${SSH_ENV}" ]; then
         . "${SSH_ENV}" > /dev/null
         #ps ${SSH_AGENT_PID} doesn't work under cywgin
         ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
             start_agent;
         }
    else
         start_agent;
    fi
    Can anyone shed any light on this issue for me? Is it a known problem with KDE 4.10? Is there a solution that I just haven't been able to find?

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,897
    Blog Entries
    3

    Default Re: ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

    Try something like:
    Code:
    SSH_ASKPASS=/usr/lib/ssh/ksshaskpass
    export SSH_ASKPASS
    in your ".bashrc"
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3
    Join Date
    Jun 2008
    Location
    Kaneohe, HI
    Posts
    129

    Default Re: ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

    Hello nrickert. I tried as you suggested and found that I am still prompted for my passphrase when I attempt to connect to another system. Only after I run ssh-add and enter my passphrase for that do I no longer have to do so on each remote server.

    There appears to be a disconnect between ksshaskpass and ssh-add.
    Last edited by theillien; 27-Mar-2013 at 16:09. Reason: corrected information

  4. #4
    Join Date
    Jun 2008
    Location
    Kaneohe, HI
    Posts
    129

    Default Re: ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

    One thing I've found is that if I force ssh-add to start by using an Autostart script I am prompted for my passphrase by ksshaskpass a second time after my desktop has loaded (the first is after I've logged in and before my desktop loads; when my environment files are read). Doing this works. I enter my passphrase and I'm able to log into remote servers without being prompted for my passphrase.

    The problem is, I am now required to enter my passphrase twice. First when I log in and again when the Autostart script is executed. The script code I added to my initial post runs from my .bash_profile. It executes ssh-add which is why I'm asked for my passphrase immediately after login and before my desktop loads. If I comment out the line that executes ssh-add I'm only asked once: after my desktop loads. Unfortunately, this doesn't help. I'm still asked for my passphrase when logging into a remote server.

    I feel I'm technically correct in that ssh-add is the culprit. However, it seems that the initial execution doesn't cache my passphrase as it should rather than ksshaskpass having a disconnect from ssh-add as I initially thought. The second execution appears to be the trigger that caches my passphrase.

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,897
    Blog Entries
    3

    Default Re: ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

    I normally use "ssh-add" from a command line, once per login session. So I am not doing it the same way that you are.

    However:

    If I set
    SSH_ASKPASS=/usr/lib/ssh/ksshaskpass
    in my environment, and if I run "ssh-add" from a GUI (not sure if that is possible), or if I use
    Code:
    ssh-add keyname < /dev/null
    in a terminal, then ksshaskpass prompts for the passphrase on the first attempt, then remembers that in kwallet. On future occasions ssh-add (with the input redirection) will get the answer from kwallet.

    If I use ssh-add at the command line, and don't do input redirection, I am prompted at the command line.

    In any case, here is the biggest difference between what you are doing and what I am doing:

    You are starting "ssh-agent" from your bash profile. I am not. Maybe see what happens without that.

    For me, I see ssh-agent being automatically started, without my having to do anything. I think it is started as long as I have a ".ssh" directory.

    What I think is happening for you, is that ssh-agent is being started twice and each of the ssh-agent processes is prompting for a key. Hence the double key.

    I'm mostly guessing. You will have to experiment to check that.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  6. #6
    Join Date
    Jun 2008
    Location
    Kaneohe, HI
    Posts
    129

    Default Re: ksshaskpass accepts my passphrase, but ssh-add apparently doesn't run

    What I've discovered since my last post:


    • using kwallet and setting the SSH_ASKPASS variable and running ssh-add both in the same Autostart file works. The problem I have with this is that I'm still entering two credentials.
    • setting the SSH_ASKPASS variable and running ssh-add both in the same Autostart file without kwallet also works. I am able to enter my passphrase once and not be required to enter it again. The only difference between this method and the method I used with 12.1 is that on 12.1 I was asked for my passphrase as soon as I logged in. This method asks for it after my desktop loads.



    My Autostart file:
    Code:
    #!/bin/bash
    export SSH_ASKPASS=/usr/lib/ssh/ksshaskpass
    ssh-add </dev/null

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •