Re: root-tail or newer?

Frederick Bruckman (
Tue, 10 Aug 1999 11:27:42 -0500 (CDT)

On 10 Aug 1999, Oystein Viggen wrote:

> Frederick Bruckman wrote: 
> > Exactly. In ~/.xsession, "exec afterstep" -> "exec ssh-agent afterstep".
> > 
> > Now you invoke "ssh-add", type the passphrase for your key when
> > prompted, and every child of ssh-agent (afterstep) will have access to
> > your private key. Thus "ssh" will work transparently. When you exit
> > afterstep, ssh-agent quits too, your session ends, and your key is
> > once again inaccessible.
> If you use a key without a passphrase, you will not need to use
> ssh-add, either. This is of course _very_ dangerous if you are not
> sure what you are doing. If somebody compromises your account, or root 
> on your machine, they also have your account on the other machine.
> It's practical if you for example want to run asload on the other
> machine in your wharf. If you use a passphrase, you will have to run
> ssh-add before afterstep.

You can still have a passphrase. Try it. What happens is, as soon as
you try to run ssh, ssh-agent will open a dialog asking for your
passphrase. If you invoke ssh-add without a shell, it will do the same
thing. If you can figure out how to invoke ssh-add before asload,
you'll once again only have to enter the passphrase once.