A program to find an already running SSH agent

Here is a shell script to search for an already running ssh-agent and then look up what sockets it uses to work out how to set the SSH_AUTH_SOCK variable.

Note that this only works for sh-like shells (zsh, sh, bash, etc.); if you use csh or similar, change it so it prints a setenv instead. I made an alias to eval its output, e.g.

alias findagent='eval `~/bin/findagent`'

So I just run 'findagent' on login and everything works - this is especially handy if you run things in a screen session.
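As an added example (not the author's findagent script), here is one way to do this in sh, assuming the agent created its socket in OpenSSH's default location, ${TMPDIR:-/tmp}/ssh-*/agent.*. It scans for sockets rather than inspecting the agent process, accepts only a socket and directory owned by the current user, and refuses paths containing shell metacharacters because the output is passed to eval. The function names are made up for the example.

```shell
#!/bin/sh
# Added example, not the author's findagent script.
# Assumption: sockets live in OpenSSH's default location,
# ${TMPDIR:-/tmp}/ssh-XXXXXXXXXX/agent.<pid>.

# usable_sock PATH: true only for a socket we own, inside a real directory
# we own, with an agent answering on it.
usable_sock() {
    [ -S "$1" ] && [ -O "$1" ] || return 1
    dir=${1%/*}
    [ -d "$dir" ] && [ -O "$dir" ] && [ ! -L "$dir" ] || return 1
    # ssh-add -l exits 0 or 1 when an agent answered (1: no keys loaded),
    # 2 when it cannot contact an agent; 127 means ssh-add is missing.
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -le 1 ]
}

# find_agent_sock [DIR]: print the first usable socket found under DIR.
find_agent_sock() {
    base=${1:-${TMPDIR:-/tmp}}
    for sock in "$base"/ssh-*/agent.*; do
        if usable_sock "$sock"; then
            printf '%s\n' "$sock"
            return 0
        fi
    done
    return 1
}

# emit_export PATH: print the line to be eval'd. Anything outside a plain
# path character set is refused, since the caller evals this output.
emit_export() {
    case $1 in
        ''|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    printf "SSH_AUTH_SOCK='%s'; export SSH_AUTH_SOCK;\n" "$1"
}

if sock=$(find_agent_sock); then
    emit_export "$sock" || echo "findagent: odd socket path, not exporting" >&2
else
    echo "findagent: no usable agent socket found" >&2
fi
```

Diagnostics go to stderr so that only the export line ever reaches eval.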

Furthermore, you can use pam_ssh(8) to log in by authenticating against your SSH passphrase. This is handy as it means you only have to enter your passphrase once (during login) and gives you a reasonable facsimile of single sign-on. Unfortunately it requires fairly major modifications to the PAM configuration files, because each one is essentially a copy rather than including a main one. I modified /etc/pam.d/system to look like so:

#
# $FreeBSD: src/etc/pam.d/system,v 1.1 2003/06/14 12:35:05 des Exp $
#
# System-wide defaults
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            sufficient      pam_ssh.so
auth            required        pam_unix.so             no_warn use_first_pass nullok

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         optional        pam_ssh.so              want_agent
session         required        pam_lastlog.so          no_fail

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass

And then I modified the other pam.d files to use it via include rather than duplicate it, e.g. here is /etc/pam.d/kde:

#
# $FreeBSD: src/etc/pam.d/kde,v 1.6 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "kde" service
#

# auth
auth            required        pam_nologin.so          no_warn
auth            include         system

# account
account         include         system

# session
session         include         system

And /etc/pam.d/su:

#
# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
#
# PAM configuration for the "su" service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so


Daniel O'Connor
Last modified: Fri May 4 12:20:03 CST 2007