Xfce, Keychain And Two ssh-agents

While trying to find out how to make NetBeans work with keychain, I noticed that after I start Xfce and keychain is then run from my .bashrc, I end up with two ssh-agents running instead of one. I did not find out why it works this way; the only thing I found out is that SSH_AGENT_PID is empty when .bashrc runs, and I was not willing to dig deeper to find the cause. Anyway, I made a small patch that makes Xfce work with keychain:

--- /etc/xdg/xfce4/xinitrc.orig	2010-07-17 18:43:00.025468585 +0200
+++ /etc/xdg/xfce4/xinitrc	2010-07-17 18:54:10.045657796 +0200
@@ -113,7 +113,11 @@
 sshagent=`which ssh-agent`
 if test -z "$SSH_AGENT_PID" -a "$sshagent" -a "x$sshagent" != "xno"; then
-	eval `$sshagent -s`
+	if test ! -e $HOME/.keychain; then
+		mkdir $HOME/.keychain
+	fi
+	$sshagent -s | grep -v "echo Agent pid" > $HOME/.keychain/$HOSTNAME-sh
+	. $HOME/.keychain/$HOSTNAME-sh
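
Review bot: `$HOSTNAME` in the two added lines that write and source `$HOME/.keychain/$HOSTNAME-sh` is a bash variable; if xinitrc is run by a shell that does not set it, the path becomes `$HOME/.keychain/-sh` and no longer matches the per-host file name, so derive the name from `uname -n` instead. The redirect also overwrites an existing keychain file without checking whether the agent recorded in it is still alive, and none of the `$HOME/...` expansions are quoted. Since the file names the agent socket, consider `mkdir -p "$HOME/.keychain"` followed by `chmod 700 "$HOME/.keychain"` rather than a bare `mkdir`.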

The patch saves the output of ssh-agent into the file that keychain uses, so keychain reuses the existing agent data and does not have to spawn a new ssh-agent. Just to make the info complete, this is what I have in my .bashrc:

keychain -q
. ~/.keychain/$HOSTNAME-sh
. ~/.keychain/$HOSTNAME-sh-gpg

Bug report at Xfce: bug 6558
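
Both the xinitrc patch and the .bashrc lines above source `$HOME/.keychain/$HOSTNAME-sh` directly, which runs whatever that file contains. As an added example (not code from this post, keychain or Xfce), the hypothetical helper `load_agent_env` parses the file instead and accepts only the two assignments `ssh-agent -s` prints; the allowed socket-path character set and the sample files are assumptions.

```shell
#!/bin/sh
# Added example (not keychain or Xfce code). load_agent_env is a hypothetical
# helper: it reads a keychain-style agent file without sourcing it and accepts
# only the two assignments that `ssh-agent -s` prints.
load_agent_env() {
    file=$1 sock= pid=
    [ -f "$file" ] && [ ! -L "$file" ] || return 1   # regular file, not a symlink
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '') ;;
            'SSH_AUTH_SOCK='*'; export SSH_AUTH_SOCK;')
                val=${line#SSH_AUTH_SOCK=}
                val=${val%'; export SSH_AUTH_SOCK;'}
                # Assumption: socket paths are absolute and use a plain character set.
                case $val in
                    /*) ;;
                    *) return 2 ;;
                esac
                case $val in
                    *[!A-Za-z0-9/._-]*) return 2 ;;
                esac
                sock=$val ;;
            'SSH_AGENT_PID='*'; export SSH_AGENT_PID;')
                val=${line#SSH_AGENT_PID=}
                val=${val%'; export SSH_AGENT_PID;'}
                case $val in
                    ''|*[!0-9]*) return 2 ;;      # PID must be digits only
                esac
                pid=$val ;;
            *) return 2 ;;                         # any other line: refuse the file
        esac
    done < "$file"
    [ -n "$sock" ] && [ -n "$pid" ] || return 3    # both variables are required
    SSH_AUTH_SOCK=$sock SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Constructed sample files; the first mirrors `ssh-agent -s` minus the echo line.
demo=$(mktemp -d)
printf '%s\n' 'SSH_AUTH_SOCK=/tmp/ssh-demo/agent.4242; export SSH_AUTH_SOCK;' \
    'SSH_AGENT_PID=4243; export SSH_AGENT_PID;' > "$demo/good-sh"
printf '%s\n' 'SSH_AGENT_PID=4243; export SSH_AGENT_PID; echo injected' > "$demo/bad-sh"
load_agent_env "$demo/good-sh" && echo "loaded agent pid $SSH_AGENT_PID"
load_agent_env "$demo/bad-sh" || echo "refused bad-sh with status $?"
```

The environment is only changed when the whole file validates, so a refused file leaves any previously loaded agent variables untouched.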

NetBeans And ssh-agent

I am using SSH with a DSA key to access my company repositories. But NetBeans always failed to connect to the server because it did not find an application it could use to ask me for the password. After I installed x11-ssh-askpass, the situation improved in that NetBeans asked me for my DSA key password each time I issued a command that communicates with the repo. As I use keychain, another way that makes things work flawlessly is running NetBeans from a terminal window, but it has one drawback – it’s pretty annoying to run NetBeans from a terminal.

Finally I found a way to make it all work in a way that is (for me) ideal. I modified the NetBeans script so that it:

  • runs keychain
  • sources the keychain file that exports all the needed variables
  • adds the keys that I want to the ssh-agent and prompts me for the key passwords if ssh-agent does not handle the keys yet

Here is the patch for the NetBeans script:

--- /usr/share/netbeans-6.9/bin/netbeans.orig	2010-07-17 04:35:11.777217529 +0200
+++ /usr/share/netbeans-6.9/bin/netbeans	2010-07-17 05:25:38.895871679 +0200
@@ -169,6 +169,19 @@
+    keychain -q
+    if [ -e "$HOME/.keychain/$HOSTNAME-sh" ]; then
+        . $HOME/.keychain/$HOSTNAME-sh
+    fi
+    if [ -e $userdir/keychain-keys.txt ]; then
+        for key in `cat $userdir/keychain-keys.txt`; do
+            SSH_ASKPASS=`which x11-ssh-askpass`
+            export SSH_ASKPASS
+            if [ -n "$key" ]; then
+                keychain $key
+            fi
+	done
+    fi
     if [ "${founduserdir}" = "yes" ]; then
         exec $sh "$nbexec" "$@"
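
Review bot: the `for key in` loop over the output of `cat $userdir/keychain-keys.txt` splits on any whitespace and glob-expands each word, so a key path containing a space or `*` reaches keychain as the wrong arguments; read the file line by line with `while IFS= read -r key; do ... done < "$userdir/keychain-keys.txt"` and call `keychain "$key"`. `SSH_ASKPASS` is assigned inside the loop on every iteration, replaces any value the user already exported, and is exported empty when `which x11-ssh-askpass` finds nothing, so set it once before the loop and only when the lookup succeeds. The `. $HOME/.keychain/$HOSTNAME-sh` line is unquoted although the test above it quotes the same path, and the `done` line is indented with a tab while the rest of the hunk uses spaces.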

So if you have password-protected SSH keys, all you need to do to make them work in NetBeans without being annoyed is:

  • install keychain and x11-ssh-askpass
  • apply the patch above to the NetBeans executable script
  • if you want to be prompted for SSH key passwords on NetBeans startup, create the file $userdir/keychain-keys.txt and put the names of the key files in it

Just a minor update: I added this support to the Gentoo ebuild for NetBeans, so since netbeans-6.9-r3 this feature can be activated by enabling the ‘keychain’ USE flag.

