This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: keychain doesn't properly cache ssh key


Dominik Hoffmann wrote:

> I have a very stock installation of Cygwin (Cygwin.dll Version 1.5.21-2)
> on Windows XP Pro. I installed the ssh and rsync packages, as well as
> keychain, all from Cygwin's installer interface. The version of
> keychain, as you probably know, that Cygwin currently installs is
> 2.5.3.1. keychain is said to work in the Cygwin environment, and yet I
> get this type of behavior:
> 
>> Administrator@NICHD-PALM-Xfer ~
>> $ keychain id_dsa
>>
>> KeyChain 2.5.3.1; http://www.gentoo.org/proj/en/keychain/
>> Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL
>>
>> * Found existing ssh-agent (504)
>> * Known ssh key: /home/Administrator/.ssh/id_dsa
>>
>>
>> Administrator@NICHD-PALM-Xfer ~
>> $ ssh palmxfer@ssh0.janelia.org
>> Enter passphrase for key '/home/Administrator/.ssh/id_dsa':
>> Last login: Thu Aug 10 17:53:06 2006 from nichd32t33.nichd.nih.gov
>> [palmxfer@b04u02 ~]$
> 
> In other words, it recognizes the existing cached key but doesn't use
> it.

To be precise: keychain recognizes the existing cached key but ssh doesn't use
the cache.

> Maybe this issue with ssh-add gets at the root of the problem:
> 
>> Administrator@NICHD-PALM-Xfer ~
>> $ ssh-add ~/.ssh/id_dsa
>> Could not open a connection to your authentication agent.

Yep, that means that keychain (which started ssh-agent) did not set the
environment variables SSH_AGENT_PID and SSH_AUTH_SOCK; without the second, none
of the other commands will connect to ssh-agent (try "ssh-add -l" and you'll get
the same output).

You can test by setting the variables yourself: do an "ls /tmp/ssh*" to see where
the socket is, then set the variables, for instance:

$ ls -d /tmp/ssh*
/tmp/ssh-43tNvsvRBs/
$ ls /tmp/ssh*
agent.3580=
$ export SSH_AGENT_PID=3580
$ export SSH_AUTH_SOCK=/tmp/ssh-43tNvsvRBs/agent.3580

> Note the error message.
> 
> Is anyone aware of anything that would help me to get keychain work
> adequately?

Even with that, some commands will not work as expected because they seem to use
gpg-agent, for instance: "gpg --sign -b --use-agent Wiz.tar.gz".

Keychain seems to be missing the equivalent of "eval `ssh-agent -s`" (if using
bash).
-- 
René Berber
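
The manual test described in the message above, as an added shell example (not part of the original post and not keychain's own code): it looks for an ssh-agent socket under /tmp, accepts it only if it is a socket owned by the current user with an agent answering on it, and exports SSH_AUTH_SOCK. The helper names find_agent_sock and use_agent are hypothetical; the check relies on ssh-add exiting with status 2 when it cannot contact the agent.

```shell
#!/bin/bash
# Added example: reattach this shell to an already-running ssh-agent.
# find_agent_sock and use_agent are hypothetical helper names.

# Print the first usable agent socket under BASE (default /tmp), or return 1.
find_agent_sock() {
    _base=${1:-/tmp}
    for _sock in "$_base"/ssh-*/agent.*; do
        # /tmp is world-writable: accept only a real socket that we own.
        [ -S "$_sock" ] || continue
        [ -O "$_sock" ] || continue
        # ssh-add -l exits 0 (keys listed) or 1 (agent holds no keys) when an
        # agent answers, and 2 when it cannot contact one. Anything else
        # (for example ssh-add not installed) is treated as unusable.
        _rc=0
        SSH_AUTH_SOCK=$_sock ssh-add -l >/dev/null 2>&1 || _rc=$?
        [ "$_rc" -le 1 ] || continue
        printf '%s\n' "$_sock"
        return 0
    done
    return 1
}

# Export SSH_AUTH_SOCK in the current shell so ssh and ssh-add find the agent.
use_agent() {
    if _found=$(find_agent_sock "$@"); then
        export SSH_AUTH_SOCK=$_found
        echo "using agent socket $SSH_AUTH_SOCK"
    else
        echo "no live ssh-agent socket found; start one with: eval \`ssh-agent -s\`" >&2
        return 1
    fi
}
```

Source the file and run use_agent in the shell that needs the agent; running it as a separate script would export the variable only in that child process.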

