Monday, 25 October 2010

SSH agent forwarding in Scratchbox

I usually have the Maemo SDK running inside a VM, either completely remote or on the same machine (so I can have a 32-bit minimal Debian install containing Scratchbox independent of the host system). I can then SSH into the development VM from my working machine using public key authentication and the SSH agent. I also have agent forwarding set up, so that I can SSH from the SDK machine directly to the N900 (to deploy binaries and .debs) or to some server requiring SSH access (e.g. drop.maemo.org) without having to generate lots of keys and distribute the key to all kinds of different machines.

Using -A (or ForwardAgent yes in .ssh/config) when SSHing into the SDK machine makes it possible to connect to other machines from it using your SSH key. Sadly, this does not work after starting Scratchbox, because Scratchbox opens a new environment and the $SSH_AUTH_SOCK environment variable is lost. To fix this, I simply write the contents of this variable into a file accessible from Scratchbox and then export the variable in the Scratchbox login script. I usually also have a symlink in $HOME pointing to the SDK $HOME:

ln -s /scratchbox/users/$USER/home/$USER ~/sdk

With this in place, I can now edit the "normal" user's login script by adding the following line at the end of .bashrc:

echo "$SSH_AUTH_SOCK" > ~/sdk/.ssh_auth_sock

Scratchbox has its own login script (also called .bashrc, but sitting in the Scratchbox home folder), so we edit this and add the following line:

export SSH_AUTH_SOCK="$(cat ~/.ssh_auth_sock)"

After this, log out of Scratchbox, log out of the SSH session, and then connect again with agent forwarding:

ssh user@maemosdk -A
scratchbox
ssh-add -l

The last command should display the fingerprint of your SSH key. You can now connect to remote hosts from within your Scratchbox session while your SSH key still resides only on your local machine, loaded into the SSH agent.
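The two one-liners above overwrite the recorded path on every login and export whatever the file contains, so a login without -A or a path left over from an earlier session leaves Scratchbox pointing at a socket that no longer exists. The following is an added example, not part of the original post: the function names `save_forwarded_agent` and `load_forwarded_agent` are hypothetical, and the ownership check assumes the Scratchbox user has the same UID as the outer user.

```shell
# Added example; function names are hypothetical, not Scratchbox features.

# Outer ~/.bashrc: record the forwarded agent socket for Scratchbox.
# Writes only when $SSH_AUTH_SOCK names an existing socket, so a login
# without -A does not replace a good path with an empty line.
save_forwarded_agent() {
    local target=$1
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
    # umask 077: a newly created record file is readable by the owner only.
    ( umask 077; printf '%s\n' "$SSH_AUTH_SOCK" > "$target" )
}

# Scratchbox ~/.bashrc: export the recorded path only if it still
# points at a socket owned by the current user. A stale or empty
# record is rejected and SSH_AUTH_SOCK is left untouched.
load_forwarded_agent() {
    local record=$1 sock=''
    [ -r "$record" ] || return 1
    IFS= read -r sock < "$record" || true
    [ -n "$sock" ] || return 1
    [ -S "$sock" ] && [ -O "$sock" ] || return 1
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
}

# Usage, replacing the two one-liners:
#   outer .bashrc:       save_forwarded_agent ~/sdk/.ssh_auth_sock
#   Scratchbox .bashrc:  load_forwarded_agent ~/.ssh_auth_sock ||
#                            echo "no forwarded SSH agent available" >&2
```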
