System Administration Guide: Security Services

ProcedureHow to Set Up the ssh-agent Command to Run Automatically in CDE

If you use CDE, you can avoid providing your passphrase and password whenever you use Solaris Secure Shell by automatically starting an agent daemon, ssh-agent. You can start the agent daemon from the .dtprofile script. To add your passphrase and password to the agent daemon, see Example 19–3.

Caution – Caution –

If you use the Sun Java Desktop System (Java DS), do not set up the ssh-agent command to run automatically. Because the killing of the ssh-agent process is controlled by a CDE interface, when you exit the Java DS, the daemon continues to run. For example, if you start the daemon in a CDE session, move to a Java DS session, and then log out, the daemon continues to run.

A running daemon uses system resources. Although no known issues are associated with leaving the ssh-agent daemon running, the daemon contains a password, which could create a security risk.

  1. Start the agent daemon automatically in a user startup script.

    Add the following lines to the end of the $HOME/.dtprofile script:

    if [ "$SSH_AUTH_SOCK" = "" -a -x /usr/bin/ssh-agent ]; then
                    eval `/usr/bin/ssh-agent`
  2. Terminate the agent daemon when you exit the CDE session.

    Add the following lines to the $HOME/.dt/sessions/sessionexit script:

    if [ "$SSH_AGENT_PID" != "" -a -x /usr/bin/ssh-agent ]; then
                    /usr/bin/ssh-agent -k

    This entry ensures that no one can use the Solaris Secure Shell agent after a CDE session is terminated. Because the script uses a CDE-specific interface, sessionexit, this procedure does not terminate the agent daemon in a Sun Java Desktop System session.