set-ssh-agent for Mac OS X

pudge on 2002-09-12T17:09:06

This is a little script to start an ssh-agent for use globally under Mac OS X. I had been using SSHAgentServices, a login plugin, but it stopped working in 10.2. I think perhaps Apple disabled third-party login plugins. Maybe not. Anyway, so I wanted a workaround, and here it is.

The caveat is that it needs to be run before your login session begins, so that the environment can propagate down to all your various apps. So what I do is log in first as user ">console", which gives me a console, where I log in as pudge and run the script. Then I log out, get the login window back, and log in normally.

Along with SSHPassKey, this is used to create an ssh-agent and add an ssh key that I can use universally with all my login sessions.

It uses Mac::PropertyList by brian d foy.

#!/usr/bin/perl
# set-ssh-agent.plx
# pudge@pobox.com 2002.09.12

# Run this script before your login session begins, either by logging in via >console
# or logging in and logging back out normally.

# It is meant to be used in conjunction with SSHPassKey, and this little startup
# AppleScript, which executes SSHPassKey to add your ssh key to the agent:

#     try
#         do shell script "/usr/bin/ssh-add"
#     end try

# Note that I also add the environment to .bashenv, which is then source'd
# from .bash_profile, so that I can get the ssh-agent from all my login sessions.

use strict;
use warnings;
use File::Spec::Functions;
use Mac::PropertyList;

# Start the agent. "grep -v echo" drops the "echo Agent pid NNN;" line so that
# only the two variable assignments remain (see the format note after __END__).
my $env = `/usr/bin/ssh-agent -s | grep -v echo`;
die "No ssh-agent: $?" unless $env;

my $file1 = catfile($ENV{HOME}, '.MacOSX', 'environment.plist');
my $file2 = catfile($ENV{HOME}, '.bashenv');

# The plist must already exist; loginwindow reads it into the environment
# of every app started in the login session.
my $plist = Mac::PropertyList::parse_plist(do {
    local $/;
    open my $fh, '<', $file1 or die "Can't read $file1: $!";
    <$fh>;
});
die "No plist at $file1" unless $plist;

# Copy the two agent variables into the plist's top-level dict (the hash-based
# structure Mac::PropertyList returned at the time). Die rather than store a
# stale $1 if ssh-agent's output does not contain the variable.
for (qw(SSH_AUTH_SOCK SSH_AGENT_PID)) {
    my ($value) = $env =~ /^$_=([^;]+);/m
        or die "No $_ in ssh-agent output:\n$env";
    $plist->{value}{$_} = { value => $value, type => 'string' };
}

open my $fh1, '>', $file1 or die "Can't write to $file1: $!";
print $fh1 Mac::PropertyList::plist_as_string($plist);
close $fh1;

# The raw "VAR=value; export VAR;" lines are valid shell, so .bashenv can
# simply be source'd from .bash_profile.
open my $fh2, '>', $file2 or die "Can't write to $file2: $!";
print $fh2 $env;
close $fh2;

exit(0);

__END__

`ssh-agent -s` format:

SSH_AUTH_SOCK=/tmp/ssh-XBkE5WTV/agent.24107; export SSH_AUTH_SOCK;
SSH_AGENT_PID=24109; export SSH_AGENT_PID;


An alternative

pjm on 2002-09-13T02:19:29

For those who don't want to go the >console route all the time there's SSH Agent, which is a small free GUI app that does similar things. It replaced SSHAgentServices for me and is travelling fine. Source is available.

http://www.versiontracker.com/moreinfo.fcgi?id=16051&db=mac

This is from the readme file:
-------------------------------------
The Global Agent

The key to making the agent accessible is the SSH_AUTH_SOCK environment variable. The tools in the SSH suite communicate with the agent over a socket whose location is given in the environment variable. If some tool can't read the environment variable, it can't find the socket which means it can't use the agent.

The best way to set an environment variable globally is documented in Apple's Technical Q & A 1067. Unfortunately, ssh-agent uses a different socket each time it is launched. So it seems we can't use this method.

The trick is this: we specify a unique file location in the global environment (using the Environment tab in SSH Agent's Preferences pane) and then link that file to the socket ssh-agent uses.

There are a number of rules to follow when using this trick. The most important one is that both ends of a link should reside on the same filesystem. Since ssh-agent creates its sockets in /tmp the default value for SSH_AUTH_SOCK is also a file on /tmp. If you want to customize this variable, make sure the file you specify is on the same filesystem as the socket by using the df command. (For more ways for link to fail, see its man page.)
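The two pieces above in POSIX shell, as an added example that is neither pudge's script nor code from the SSH Agent readme: first, pulling SSH_AUTH_SOCK and SSH_AGENT_PID out of `ssh-agent -s` output the way the journal entry's regex does (the sample output is constructed to match the format noted after `__END__`); second, the readme's trick of hard-linking a fixed path, which can then be set once in the global environment, to the per-launch socket, refusing to cross filesystems as the readme requires. The stable path `/tmp/ssh-agent.sock` in the comment and the acceptance of a plain file in place of a socket (so the link step can be exercised without a running agent) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: parse `ssh-agent -s` output and hard-link a stable path to the
# socket the agent created. Not code from SSH Agent or from set-ssh-agent.plx.

# Sample `ssh-agent -s` output, constructed for this example to match the
# format quoted after __END__ in the journal entry (plus the echo line that
# the script filters out with "grep -v echo").
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-XBkE5WTV/agent.24107; export SSH_AUTH_SOCK;
SSH_AGENT_PID=24109; export SSH_AGENT_PID;
echo Agent pid 24109;'

# agent_var NAME OUTPUT -> prints the value of NAME from ssh-agent -s output.
# Anchored at the start of a line, like the Perl /^NAME=([^;]+);/m, so the
# "echo Agent pid" line can never be mistaken for an assignment.
agent_var() {
    printf '%s\n' "$2" | sed -n "s/^$1=\([^;]*\);.*/\1/p"
}

# mount_point PATH -> mount point of the filesystem holding PATH.
# df -P is the POSIX form: one header line, then exactly one line per filesystem.
mount_point() {
    df -P "$1" | awk 'NR == 2 { print $NF }'
}

# same_filesystem A B -> succeeds if A and the directory that will hold B are
# on the same filesystem (B itself may not exist yet).
same_filesystem() {
    [ "$(mount_point "$1")" = "$(mount_point "$(dirname -- "$2")")" ]
}

# link_agent_socket SOCKET STABLE -> make STABLE a hard link to SOCKET,
# replacing a stale link left by a previous agent. A hard link cannot cross
# filesystems, which is the rule the readme gives, so check that first.
# A regular file is accepted in place of a socket only so that the example can
# be exercised without a running agent (assumption for this example).
link_agent_socket() {
    sock=$1 stable=$2
    [ -S "$sock" ] || [ -f "$sock" ] || { echo "no socket at $sock" >&2; return 1; }
    same_filesystem "$sock" "$stable" \
        || { echo "$stable is not on the same filesystem as $sock" >&2; return 1; }
    rm -f -- "$stable"
    ln -- "$sock" "$stable"
}

# Demonstration on the constructed output (no agent needed to parse it).
# With a real agent you would run: eval "$(ssh-agent -s)" and then
#   link_agent_socket "$SSH_AUTH_SOCK" /tmp/ssh-agent.sock
# with /tmp/ssh-agent.sock being the value placed in the global environment.
sock=$(agent_var SSH_AUTH_SOCK "$SAMPLE_AGENT_OUTPUT")
pid=$(agent_var SSH_AGENT_PID "$SAMPLE_AGENT_OUTPUT")
echo "agent socket: $sock"
echo "agent pid:    $pid"
```

Because `/tmp` is normally one filesystem, the default of keeping the stable path in `/tmp` satisfies the check; the function exists for the customized case the readme warns about, where `df` has to be consulted before the link can work.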

Re:An alternative

Theory on 2002-09-21T00:27:56

I'm glad to see this, as I've really missed SSHAgentServices. But neither of these solutions is as optimal as SSHAgentServices was, IMO. The ">console" login stuff is a PITA, and I hate the idea that I have to have the SSH Agent application running whenever I want to use SSH (which is to say, all day long!).

I wrote to Kevin Van Vechten, the creator of SSHAgentServices, to see if he'd be willing to update it for Jaguar, but I've not heard back from him. I tried to write him once before, several months ago, and didn't hear back then, either. But I expect that something really simple needs to be changed to get it to work -- I just don't know what it is!

Anyway, thanks for the link. I'll be talking about this in my OSXConn Presentation.