Wednesday, 22 August 2007

Getting ssh-agent going on Mac OSX

It seems irritating that OS X doesn't have an easy way to get ssh-agent running for a login session. However, it can be done using launchd and a bit of scripting.

Before you start you'll need a /Users/username/.ssh directory (where username is your username), or alter the scripts below to match. Create the file /Users/username/Library/LaunchAgents/ssh-agent.plist containing:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ssh.ssh-agent</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/Users/username/.ssh/ssh-agent.sh</string>
<key>RunAtLoad</key>
<true/>
<key>ServiceDescription</key>
<string>Launch ssh-agent</string>
</dict>
</plist>

Then create a file /Users/username/.ssh/ssh-agent.sh containing:
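#!/bin/sh
# Remove any stale socket left by a previous session (-f: no error if absent)
rm -f /Users/username/.ssh/ssh-agent.pipe
# -d keeps ssh-agent in the foreground so launchd can supervise it
exec /usr/bin/ssh-agent -a /Users/username/.ssh/ssh-agent.pipe -d

Note: ssh-agent has to be started with the -d option because launchd doesn't like processes that fork off into 'daemons'... probably why a few people don't like it.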

Make the script executable:
$ chmod +x /Users/username/.ssh/ssh-agent.sh

launchd will then start ssh-agent the next time you log in, or you can start it immediately by running:
$ launchctl start com.ssh.ssh-agent

Now you need to set the following environment variable. You can use RCEnvironment to set ~/.MacOSX/environment.plist, but it is probably easiest to add the following line to your /Users/username/.profile:
export SSH_AUTH_SOCK=/Users/username/.ssh/ssh-agent.pipe

You can then add your keys (assuming you've set 'em up using ssh-keygen or whatever) to the agent using:
$ ssh-add
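
A way to check the result of the steps above, as an added example that is not part of the original post: it verifies that the shell's SSH_AUTH_SOCK matches the path given to ssh-agent -a, that the path is a socket private to your user, and that the agent answers. The function names, return codes and the script file name are hypothetical; the default socket path is the one used in this post, taken relative to $HOME.

```shell
#!/bin/sh
# Added example: diagnose the agent socket created by the steps in this post.
# EXPECTED_SOCK is an assumption taken from the post's ssh-agent.sh (-a path).
EXPECTED_SOCK="${EXPECTED_SOCK:-$HOME/.ssh/ssh-agent.pipe}"

# private_mode PATH: succeeds when group and other have no permission bits.
private_mode() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# check_agent_sock SOCK EXPECTED: 0 ok, 1 unset, 2 path mismatch,
# 3 not a socket, 4 owned by someone else, 5 accessible beyond the owner.
check_agent_sock() {
    sock=$1
    expected=$2
    [ -n "$sock" ] || { echo "SSH_AUTH_SOCK is not set in this shell"; return 1; }
    [ "$sock" = "$expected" ] || {
        echo "SSH_AUTH_SOCK is $sock but the agent listens on $expected"; return 2; }
    [ -S "$sock" ] || { echo "$sock is not a socket; is the agent running?"; return 3; }
    [ -O "$sock" ] || { echo "$sock belongs to another user"; return 4; }
    if ! private_mode "$sock" || ! private_mode "$(dirname "$sock")"; then
        echo "socket or its directory is accessible to group/other"; return 5
    fi
    return 0
}

# agent_reachable SOCK: ssh-add -l exits 0 (keys listed) or 1 (agent has no
# keys) when the agent answers, and 2 when it cannot be contacted.
agent_reachable() {
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# diagnose: run both checks against the current shell's environment.
diagnose() {
    check_agent_sock "${SSH_AUTH_SOCK:-}" "$EXPECTED_SOCK" || return $?
    agent_reachable "$SSH_AUTH_SOCK" || { echo "agent did not answer"; return 6; }
    echo "ssh-agent is reachable on $SSH_AUTH_SOCK"
}

# Runs only when invoked as: sh check-agent.sh --check (file name hypothetical)
if [ "${1:-}" = "--check" ]; then diagnose; fi
```

Return codes 1 and 2 cover the case where ssh-add cannot open a connection even though the ssh-agent process is running, because the shell is looking at a different socket path than the one the agent was started with.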



2 comments:

  1. I've gone through all of your instructions, but I still get: "Could not open a connection to your authentication agent." Even though I show ssh-agent running: "153 ?? Ss 0:00.01 /usr/bin/ssh-agent -a /Users/dtto/.ssh/ssh-agent.pipe -d"

    I've double-checked all the scripting, but I'm guessing I have something basic disabled that you are assuming is running.

    I'm on 10.4.11. Any help appreciated.

  2. @Devin
    Excerpt from: http://www.mothersruin.com/software/SSHChain/faq.html#I4

    The most likely cause for this is that the socket path you've set via the environment.plist does not match the one specified in the SSHChain Preferences dialog. Another possibility is that the environment.plist is not being loaded correctly. Check the value of the SSH_AUTH_SOCK variable in the shell.
