Linux Mint Forums

[quixote]

I've been running LinuxMint Debian squeeze for months (a year?), mostly using Gnome 2.30 desktop. In that setup, ssh login is remembered for the session, so my scheduled rsync backups run fine.

However, I like the look of kde better, and I'm into Gnome3 avoidance, so I'm using KDE4 with the "use classic menus" option. For some reason, under kde my ssh login is always forgotten immediately.

I've read about changing the setting: ServerAliveInterval 5 in /etc/ssh/ssh_config. But what I need, I think, is "LoginAlive"? And since it works fine under gnome, it seems to me it's not ssh settings I need to change, but something in my kde settings. But where? ??

I hope somebody can help with this obscure question! It's one of those silly little things which is resulting in no backups which could result in really big nasty things.

Update 2012-04-26 : see my last reply for what turned out to be the solution. The others didn't quite work.

[quixote]

It looks like KDE walletmanager may be the issue here. I'll run over what I've found, and then I hope someone can tell me how to authenticate for the session only, not permanently.

At this web site, http://mah.everybody.org/docs/ssh, it's mentioned that gnome automatically launches ssh-agent, but kde doesn't. He says to add

Code: Select all

ssh-agent kde

to one's ~/.xsession file.
My ~/.xsession file has:

Code: Select all

# if use-ssh-agent is specified in /etc/X11/Xsession.options
# (this is the default) then you need only the second line
# eval ssh-agent
ssh-add

and when I check /etc/X11/Xsession.options, it has a line:

Code: Select all

use-ssh-agent

So, isn't ssh-agent running, just as it should, long before kde starts up? Do I actually need the "ssh-agent kde" line in ~/.xsession?

If I'm understanding that right, then my problem must be that Wallet Manager is interfering and I need to change settings there. I found some instructions at http://aeparker.com/blog/ssh-agent-kde-wallet. I'll quote them here just to have everything in one place:

ssh-agent should have been installed as part of openssh, so make sure that kde wallet is installed (it probably is), and then install ksshaskpass.

Now create three scripts as follows:

~/.kde4/env/ssh-agent.sh
eval `ssh-agent`

~/.kde4/shutdown/ssh-agent.sh
ssh-agent -k

~/.kde4/Autostart/ssh-add.sh
#!/bin/bash
export SSH_ASKPASS=/usr/bin/ksshaskpass
/usr/bin/ssh-add

But then it says: "Now the key will be ready for use until you logout of KDE. In the future, you will just need to enter the wallet password on login."

I don't want my wallet password to provide automatic access to my ssh login for my backup server. Which sounds like what I'd be doing if I follow those instructions. My wallet password is fairly simple because mine is a single-user machine. I just want kde to remember my ssh login for the session (only!) and to allow rsync to access that without my input, the same way it did on gnome.

How do I get walletmanager to do that?

[quixote]

Well, I decided to follow those instructions and see what happened. The good news: it works. The wallet asks for my wireless "keyring" password (or whatever it's called, not my actual WPA password), as before, and then separately asks for the passphrase to unlock my public-key-private-key ssh connection. If I don't check "remember password" box, then it stores them only for the session, which is what I want.

The only thing I don't know is if there are any security implications to doing this. I wouldn't think so, but the amount I know about security fits on a thumbnail. So, if anyone knows more about this, please enlighten me! So far, I'm marking this "solved."

[Had to change title quite a bit so I could fit in "Solved" Hope that's not a problem.]

[quixote]

Turns out that wasn't the end of the story. The whole backup script and the rsync line by itself would run in a terminal, but cron would run the script and then return a "Permission denied" error when it hit the rsync line. Again, none of this happened in gnome, so it was something to do with kde.

Turns out gnome exports (or whatever the correct technical term is) the environment variables of the interactive login bash shell (ie what you're using when you open a command line terminal) to non-interactive ones, ie what cron is using. Kde, I guess, doesn't do this. (Are they nuts? Word to LMDE devs: maybe this can be one of the many things you fix when you roll the LMDE kde distro? )

A fix is to export your whole "normal" environment*, and put access to it in your script.

Code: Select all

env > $HOME/.cronenv

(Obviously, you can call the file what you like and put it where you want. Just be sure to reference it the same way in your script.) In the script, the first couple of lines are:

Code: Select all

#!/bin/sh
. $HOME/.cronenv

In csh, that second line would be "source $HOME/.cronenv" and you see it that way at many web sites. Then it doesn't work, and if you're like me, you gnash your teeth. Turns out, in bash, they use that initial "." instead. I had some error messages about lines in my .cronenv that the non-interactive shell didn't like, mainly to do with color settings. I didn't need them for rsync or ssh, so I deleted them, and everything worked fine. I found these answers at stackoverflow.com here: http://stackoverflow.com/questions/6406713/how-to-pass-all-bash-env-variables-to-cron and here: http://stackoverflow.com/questions/670191/getting-a-source-not-found-error-when-using-source-in-a-bash-script.

*You can see what's in your "normal" environment by typing "env" (without quotes) at a command prompt. You can see what cron uses by putting a line in your crontab and setting it to run in the next few minutes. E.g., if it's now 11:15, the line would look like:

Code: Select all

17 11 * * * env > cron-env-output.txt

The file with cron's env variables will be in your home directory.

[quixote]

That last "solution" didn't work after logging out and back in again. It saved my environment for that session, but a new session has different ssh authentication, so of course it didn't actually work. What I needed was some way to get cron to see the ssh relevant data, in other words to somehow get at SSH_AUTH_SOCK. Turns out the solution is the same as in gnome, except that kde keeps the relevant info in another place.

In gnome, the line in my crontab looked like this:

Code: Select all

45 09 * * *  SSH_AUTH_SOCK="$(find /tmp/keyring*/ -perm 0755 -type s -user quixote -name '*ssh' | head -n 1)" /path/to/command/or/script

In kde, it's like this:

Code: Select all

45 09 * * * SSH_AUTH_SOCK="$(find /tmp/ssh*/ -type s -user quixote | head -n 1)" /path/to/command/or/script

kde keeps the session ssh socket in /tmp/ssh-session-ID/ instead of in /tmp/keyring-session-ID. (Change the user name of course.) That particular line would run the script every day at 9:45 after getting access to the ssh keys for passphraseless login stored for the session.

So, triumph at long last.