
Solaris CDE, ssh-askpass, and ssh-agent HOWTO

Mike Arnold

<mike at razorsedge dot org>

v200211021517, 02 November 2002


This short HOWTO will get you up and running with ssh-agent on your Solaris CDE desktop. Then you won't have an excuse not to use password-protected ssh keys for all your remote connectivity needs. ;-) It also sets you up to tunnel X GUI programs back through the ssh session so your stuff is encrypted.


  1. Install openssh for SPARC Solaris 8 from SunFreeware. Follow the openssh installation directions.
  2. Generate your first key with "ssh-keygen -t rsa". If you already have ssh keys without a password, then add a password via "ssh-keygen -p -f <keyfile>". "ssh-keygen --help" may be of use to you.
  3. Install ssh-askpass.
    1. Download the Solaris 8 package.
    2. "gunzip REsshap-1.2.4.1-1_sol8_sparc.gz"
    3. As root: "pkgadd -d REsshap-1.2.4.1-1_sol8_sparc"
  4. Put the following at the end of your $HOME/.dtprofile:
    # http://www.sun.com/solutions/blueprints/0102/configssh.pdf
    # ssh agent support
    # If /usr/bin/ssh-agent does not exist, then do not run.
    if [ -f /usr/bin/ssh-agent ]; then
            eval `/usr/bin/ssh-agent`
            # Add keys here. Need one ssh-add per key. Consult the man page.
            # Only add keys if the X passphrase requestor is present.
            if [ -x /usr/local/libexec/ssh-askpass ]; then
                    /usr/bin/ssh-add
            fi
    fi
  5. Log out of CDE and then log back in. If you have ssh keys with passwords, you will be prompted for their passwords.
  6. Open a terminal window and run: "ssh-add -l". You will get a listing of the ssh keys (if any) that ssh-agent knows about.
  7. Familiarize yourself with "ssh-add -x" (lock the agent with a password) and "ssh-add -X" (unlock it) and lock your terminal when you get up!!
  8. Check out the settings in the /usr/local/etc/ssh_config file. If you do not want to set system-wide settings in this file, then copy it to your .ssh directory: "cp /usr/local/etc/ssh_config $HOME/.ssh/config" and add the following lines to the end of it:
    Host *
      ForwardAgent yes
      ForwardX11 yes
      Protocol 2
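    This will allow you to chain your agent through multiple hosts (they will not ask for your credentials, because the agent takes care of that). You will also be able to tunnel X applications back through the ssh session to your workstation. It will also force you to use only ssh protocol 2 (which you should be doing anyway). Because these lines sit under "Host *", the agent is forwarded to every host you connect to, and anyone with root on one of those hosts can use the forwarded agent for as long as you are connected; narrow the Host pattern if you only want this for hosts you trust.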
  9. Install openssh on your remote hosts as you did in step #1.
  10. Set up your authorized_keys file on your remote hosts ("scp $HOME/.ssh/id_rsa.pub remotehost:~/.ssh/authorized_keys").
  11. Now have fun doing stuff like: "ssh remotehost xclock". (Or better yet: "ssh -A -X -f -c blowfish host1 ssh -A -X -f -c blowfish host2 ssh -A -X -f -c blowfish host3 xclock").
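
The scp in step 10 replaces whatever authorized_keys file is already on the remote host. The following is an added example, not part of the original HOWTO: a shell function that merges a new public key into authorized_keys instead, keeping existing entries and setting the permissions sshd expects. The function name install_pubkey, its parameters and the scratch file name newkey.pub are hypothetical; it assumes a POSIX sh, grep and tail.

```shell
#!/bin/sh
# Added example, not from the original HOWTO. Run on the remote host after
# copying the key under a scratch name, e.g. (file name is a placeholder):
#   scp $HOME/.ssh/id_rsa.pub remotehost:newkey.pub
#   install_pubkey newkey.pub "$HOME/.ssh" && rm newkey.pub

# install_pubkey PUBKEY_FILE SSH_DIR  (hypothetical helper)
# Returns 0 on success, 1 on I/O problems, 2 if handed a private key.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse to publish a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key" >&2
        return 2
    fi

    # With StrictModes (the sshd default), keys are ignored when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -f "$auth_file" ] || : > "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file" || return 1
    fi

    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        # -x: whole line, -F: fixed string. Skip keys already installed.
        grep -qxF -- "$key" "$auth_file" && continue
        printf '%s\n' "$key" >> "$auth_file" || return 1
    done < "$pubkey_file"
    return 0
}
```

Running it a second time with the same key leaves the file unchanged, so it is safe to repeat on every host.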