Re: [Hampshire] ssh without password

Author: Hugo Mills
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] ssh without password

gpg: Signature made Thu Mar 6 19:11:48 2008 GMT
gpg: using DSA key 20ACB3BE515C238D
gpg: Can't check signature: No public key
On Thu, Mar 06, 2008 at 06:49:37PM -0000, Rob Malpass wrote:
> OK this is a bit of an old chestnut (and I've asked it before on this list) but I've come unstuck again with ssh - can anyone help?
>
> I have two boxes (A=client and B=server) and I want to ssh from A to B to run a command and I want it to dispense with the formality of asking for a password / passphrase.


> I've generated my keys on A and copied the public one over and
> appended it to authorized_keys2 on the B but still I'm being asked
> for a passphrase. I'm wrong somewhere - can't see where though. Is
> it permissions?


There are two ways of achieving this:

- Don't set a passphrase on the private key
- Use a key agent

The former is pretty straightforward, but may need additional
configuration (as suggested by Mark) if you want to use specific keys
for specific connections.

How you approach the latter depends on whether you want to do it in
an interactive session or from a script.

For an interactive session, most distributions I've played with
start you up in X with a ssh-agent wrapper already in place, so all
you need to do is run "ssh-add" at the beginning of the session and
provide your passphrase once. After that, any use of ssh will request
the key from the agent, and you're away.

If you're running an interactive session in a VT or other login
(i.e. not under X), you will probably need to start a shell under the
ssh agent. Simply run "ssh-agent bash", then "ssh-add", and you're
away.

For a non-interactive session, you need a more persistent agent. I
tend to use "keychain". Run keychain to start an agent in the
background, and then use ssh-add to add your key to it. keychain will
write a shell script to ~/.keychain/<host>-sh which you can source in
any script you want to run unattended (such as a cron job). This will
give the job access to the agent, and it can then get hold of the key.

Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
          --- Is a diversity twice as good as a university? ---
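
The unattended case described in the reply above (a cron job sourcing the file keychain writes), as an added example that is not part of the original message. The function names and script layout are assumptions; it checks the file's ownership and permissions before sourcing it, confirms the agent actually holds a key, and uses BatchMode so ssh fails rather than prompting.

```shell
#!/bin/sh
# Added example: cron-safe wrapper around the keychain file described above.
# Function names and layout are assumptions made for this example.

# Path keychain writes its agent variables to: ~/.keychain/<host>-sh
keychain_file() {
    printf '%s/.keychain/%s-sh\n' "$HOME" "${HOSTNAME:-$(uname -n)}"
}

# Source the file only if we own it and nobody else can write to it:
# sourcing runs whatever the file contains with the job's privileges.
load_agent_env() {
    f=$1
    [ -f "$f" ] && [ -O "$f" ] || { echo "refusing $f: missing or not ours" >&2; return 1; }
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing $f: group/world writable" >&2
        return 1
    fi
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    . "$f"
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo "$f did not set SSH_AUTH_SOCK" >&2; return 1; }
}

# ssh-add -l exits 0 with keys loaded, 1 with no identities, 2 with no agent.
agent_ready() {
    ssh-add -l >/dev/null 2>&1
}

# usage: run_unattended user@hostB command [args...]
run_unattended() {
    load_agent_env "$(keychain_file)" || return 1
    agent_ready || { echo "agent unreachable or empty; run ssh-add" >&2; return 1; }
    # BatchMode makes ssh fail instead of waiting on a prompt no one will see.
    ssh -o BatchMode=yes "$@"
}

# Only act when called with a destination and a command.
if [ "$#" -ge 2 ]; then
    run_unattended "$@"
fi
```

Because any process running as the same user can use a loaded agent, the key's entry in authorized_keys on B is the place to limit what it may do.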