% - ssh-agent with MacOS X


	Code	ssh-agent with MacOS X
[ home about me music cv background involvements code community hosting metal log contact webmail ]

The Problem

From ssh-agent(1):

ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using ssh(1).

Unfortunatly, under MacOS X you don't have the opportunity to run your whole session out of the agent. This means that you need to set up two things yourself for it to work. One is the environmental variable that ssh uses to find the socket to talk to ssh-agent through, and the other is taking care of starting and stopping the agent.

The Environment

ssh-agent(1) uses the environmental variable SSH_AUTH_SOCK to indicate the location of the unix domain socket that it is listening to. Typically, ssh-agent would serve as an umbrella process, subprocesses inheriting this variable. We can set up a global environment variable under MacOS X with the ~/.MacOSX/environment.plist.

Make ~/.MacOSX directory (if it doesn't exist)
```
$ mkdir ~/.MacOSX
```
Decide where the socket is going to live. I would suggest somewhere in your home directory, like "/home/username/.ssh/ssh-agent.socket".

Create your environment.plist file in the .MacOSX directory. Is should look something like this (with your username instead of "username"):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>SSH_AUTH_SOCK</key>
        <string>/Users/username/.ssh/ssh-agent.socket</string>
</dict>
</plist>

Alternatively, you can use Apple's Property List Editor app to create the plist file. See apple tech Q&A #1067 for more information.

For this to take effect, you must log out, then log back in.

The Agent

I run Apple's X11, so my solution was to attach the agent to my window manager, so it would be run when X11 ran, and would die when I logged out. Here is how I set it up:

Edit your .xinitrc, wrapping your window manager with the agent. The relevant line of my old .xinitrc is this:
```
exec /usr/X11R6/bin/quartz-wm
```
And the new line is:
```
exec /usr/bin/ssh-agent -a $SSH_AUTH_SOCK /usr/X11R6/bin/quartz-wm
```
The -a flag tells the agent to use the path that you have chosen for its socket.
Make sure that X11 will run upon login. This is controlled by the Login Items control panel in your System Preferences.
Run X11, if it isn't isn't already running, and you're set!

Other Solutions

There are several solutions to this problem.
Here are some other solutions:

SSH Agent - a app style GUI driven front end to ssh-agent
Bryan Blackburn's script solution - very informative; provides a script that checks for a running agent, and spawns one if needed.