ssh-add, ssh-agent, OS X keychain



by shdjsahwkjq ehwq kehwkq h


I have been at this far too long; hopefully someone more familiar  
with ssh and how it interacts with OS X and the OS X keychain will be  
able to point me in the right direction.

In short, I am trying to remove my identities from ssh.  However, OS X  
seems to make this a bit mysterious.

From either a cold boot, or the login screen in OS X, open a shell,  
and initiate an ssh session (ssh user@...).  At this point, my  
keys kick in, and an OS X secure password dialogue box is presented.  
I am asked to enter a password, and have the option to save it in  
the OS X keychain.  I chose to save it.

From that point forward, I can make any ssh login without being  
pestered for a password.  It seems that ssh-agent was started with  
the -l argument, for which I can find no documentation as to what it does.

ssh-add -l shows that it has loaded my key just fine.

If I reboot, or logout of my account, since my password has been saved  
in the OS X keychain, any new ssh attempt will ask me to *unlock my  
keychain*.  ssh-add picks up the remote ssh password from the OS X  
keychain, and allows me in.

I would like this behavior on wake from sleep.  I have managed to get  
OS X to run a script of my choosing on wake from sleep.  However, no  
command I seem to issue will reset ssh-agent back to the same state it  
was in pre boot, or just after a user login.

With my ssh data now stored in the OS X keychain, here is a working  
example:
1) Logout of OS X
2) Login to my account on OS X
3) ssh user@...
4) Alert: please unlock your keychain

It is near step #1 that I want to mimic in script.  I have tried:

launchctl stop org.openbsd.ssh-agent
ssh-add -l still shows me my fingerprint

launchctl unload /path/to/org.openbsd.ssh-agent.plist
launchctl load /path/to/org.openbsd.ssh-agent.plist
Secure password entry form, not the unlock keychain form, asking me if  
I again want to save a password that already exists in the OS X  
keychain.

ssh-add -d and ssh-add -D
Secure password entry form, same as above.

I have also sent off kill commands to ssh-agent, which again, gives me  
a secure password field, but not the unlock keychain request.

So far, the only way I can make this work is to actually log out or  
restart.  Does anyone know how to restore the state of ssh-agent to  
how it is just after a logout?
--
Scott * If you contact me off list replace talklists@ with scott@ *
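The post above checks and clears agent state with ssh-add -l and ssh-add -D, but the keychain and launchd glue in front of the agent makes it hard to tell what the agent itself is doing. The following is an added example, not code from the original post or from OpenSSH: it speaks the agent protocol directly over the $SSH_AUTH_SOCK socket, sending the same two requests ssh-add sends for -l (SSH_AGENTC_REQUEST_IDENTITIES, message 11) and -D (SSH_AGENTC_REMOVE_ALL_IDENTITIES, message 19), and decodes the replies. The sample reply bytes at the bottom are constructed for the example (a dummy ed25519 blob), not captured from a real agent.

```python
"""Query and clear a running ssh-agent over its Unix socket.

Added example (not from the original post).  Message numbers are the
ones used by the OpenSSH agent protocol; each message on the wire is
framed as uint32 length followed by the body.
"""
import base64
import hashlib
import os
import socket
import struct

SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_REMOVE_ALL_IDENTITIES = 19


def frame(body: bytes) -> bytes:
    """Wire framing: big-endian uint32 length, then the message body."""
    return struct.pack(">I", len(body)) + body


def request_identities() -> bytes:
    """The request ssh-add -l sends."""
    return frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))


def remove_all_identities() -> bytes:
    """The request ssh-add -D sends."""
    return frame(bytes([SSH_AGENTC_REMOVE_ALL_IDENTITIES]))


def _string(b: bytes) -> bytes:
    """SSH 'string' encoding: uint32 length + bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string in agent reply")
    return buf[off:off + n], off + n


def fingerprint(key_blob: bytes) -> str:
    """Default ssh-add -l format: SHA256 of the public key blob, base64, padding stripped."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_identities_answer(body: bytes):
    """Decode an unframed SSH_AGENT_IDENTITIES_ANSWER into [(fingerprint, comment), ...]."""
    if not body or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer: type %r" % body[:1])
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _read_string(body, off)
        comment, off = _read_string(body, off)
        keys.append((fingerprint(blob), comment.decode("utf-8", "replace")))
    return keys


def is_success(body: bytes) -> bool:
    """Reply to a remove-all request is a single SSH_AGENT_SUCCESS/FAILURE byte."""
    return len(body) == 1 and body[0] == SSH_AGENT_SUCCESS


def _recv_exact(s: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = s.recv(n - len(data))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        data += chunk
    return data


def agent_roundtrip(request: bytes, sock_path=None) -> bytes:
    """Send one framed request to the agent and return the unframed reply body."""
    path = sock_path or os.environ.get("SSH_AUTH_SOCK")
    if not path:
        raise RuntimeError("SSH_AUTH_SOCK is not set; no agent to talk to")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(request)
        (n,) = struct.unpack(">I", _recv_exact(s, 4))
        return _recv_exact(s, n)


# Constructed sample reply (not from a real agent): one ed25519 key whose
# 32-byte public part is all 0x01, with a comment, as the agent would send it.
SAMPLE_BLOB = _string(b"ssh-ed25519") + _string(b"\x01" * 32)
SAMPLE_IDENTITIES_ANSWER = (
    bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
    + _string(SAMPLE_BLOB) + _string(b"constructed test key")
)

if __name__ == "__main__":
    # Live use against whatever agent $SSH_AUTH_SOCK points at: list, clear, list again.
    for fp, comment in parse_identities_answer(agent_roundtrip(request_identities())):
        print(fp, comment)
    print("remove all:", is_success(agent_roundtrip(remove_all_identities())))
    print("after:", parse_identities_answer(agent_roundtrip(request_identities())))
```

Run from a wake script this gives a direct answer to "is the agent still holding my key", independent of what ssh-add prints; an empty list after the remove-all request confirms the agent itself has forgotten the identity, and anything that then re-prompts comes from the keychain integration rather than from the agent.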