GRAFFITI -- April 09, 2007 thru April 15, 2007
Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable.
About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.
MONDAY
April 9, 2007
No Post.
TUESDAY
April 10, 2007
1319 - Good afternoon. I suppose staying busy and out of trouble is better than the alternative ... but that doesn't leave time for very much else. As usual, Mondays bring their special set of chores into my life - they all got done, but I forgot to put anything at all up here. But now, instead, I'll inflict some random thoughts on y'all.
Today is patch Tuesday. Of course, so was last Tuesday, at least for the ANI vulnerability. For the vast majority of users, Automatic Updates just took care of that issue. Of course, if you had already been affected, and infected by an unknown variant of evilness ... you're out of luck. And even if you're safe, you can get confusing messages because of your hardware. Those users with RealTek sound chips have issues - the ANI vulnerability patch breaks the RealTek DLL. There are updated drivers which in application worked for a remote family member, and a page from Microsoft that addresses that issue as well. There are a lot of stories I've heard about this, but the reality of the situation is that the vulnerability should have been fixed back in 2005 by the OS vendor, but wasn't. One processing path was patched, and they called it done. There were other ways to get the borked data past the validators. Lovely, just lovely.
There's more, but I should be busy again. Lunch is done. Ciao!
WEDNESDAY
April 11, 2007
0701 - Good morning. Last night, I got an email from Willie...
Subject: keychain KDM
Hi Brian
You are #4 on google with the above search term. I too can't get nice KDM-keychain integration and end up booting into console mode, letting .bashrc run keychain for me, and then I "startx" manually.
And it bugs the hell out of me....
I'm bookmarking your blog and will check back every few days to see if you have found a better solution. Did you get much/any feedback on this topic? A quick search shows no further mentions.
I've occasionally approached that problem over the last few years. Some vendors seem to deal with it well in their default installs, others ... not so much. And I don't know why. If the Xsession (whatever manager/environment is starting up) can detect that you have a ~/.ssh/id_dsa file, then why doesn't it just do the right thing: start ssh-agent and prompt for the passphrase during the X login/startup process?
Well, I went digging again. One of the problems is that there are so many different ways to ask the right question (and so many wrong questions) that it's hard to separate the wheat from the chaff. But this time I broke lucky. Here's what I wrote back to Willie:
This is all on the latest Kubuntu Beta, YMMV:
I have a file I found just now:
/etc/X11/Xsession.d/90x11-common_ssh-agent
The contents seem to indicate that ssh-agent is started at X startup.
root@vimes:/etc/X11/Xsession.d# ps ax | grep ssh-agent
5847 ? Ss 0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager
So I installed ssh-askpass and ssh-askpass-gnome (you never know).
So good, so far. So, on a clean boot and login, I fire up konsole, and type ssh-add, I type the passphrase and get the CLI prompt back.
SSH to someplace with my public key, and Bingo! Cool.
So I navigate (with Konqueror as file manager) to ~/.kde/Autostart
Right click there, select Create New ... -> Link to Application.
On the General tab, I named it ssh-add, and on the Application tab, I put /usr/bin/ssh-add in the Command: field.
On next KDE startup, I was prompted for my SSH passphrase, and the credentials are available and useful both in the command line and fish:// kio_slave tools. Yay!
I failed to note that this does NOT work like keychain, the SSH key management tool written by Daniel Robbins (of Gentoo fame). That is, when I log out of the X session, the ssh-agent isn't accessible from the virtual consoles, or from inbound ssh-sessions. I suppose that's a good thing, but it's awfully handy to do keychain-like things (being able to source a file that uses the credentials in cron jobs, for example). I may keep poking at this until I solve it to my content, or until it hurts too much to keep after it ... yet again. Hmmm.
I would also point out that it never bothered me much to login from VC1, then explicitly start the X Window system. That way, when I was mucking about with X configurations, I could break something and reboot without system thrashage to follow. And when things were running well, I could go weeks or months without either leaving my login session or X.
Okay. I solved that problem, I think to my satisfaction. First, I installed keychain (running sudo apt-get install keychain from a terminal window). Then I created a file in the bin directory in my home: keychain.sh ... it contains these lines:
#!/bin/bash
/usr/bin/keychain --clear id_dsa
[ -f $HOME/.keychain/$HOSTNAME-sh ] && \
. $HOME/.keychain/$HOSTNAME-sh
Then I made sure that the script was executable:
bilbrey@vimes:~$ chmod 700 bin/keychain.sh
bilbrey@vimes:~$ ls -al bin/keychain.sh
-rwx------ 1 bilbrey bilbrey 120 2007-04-10 22:00 bin/keychain.sh
I also pasted the last three lines of that shell script into my ~/.bashrc file, so that I would be able to make use of the ssh-agent when logged in remotely (and with --clear, forced to re-enter my passphrase when logging in).
I blew away the ssh-add item in my ~/.kde/Autostart directory and created a new one, called keychain, with the application command field: /home/bilbrey/bin/keychain.sh
I hope this helps, Willie!
Enough fun! Time to go jump into traffic.
THURSDAY
April 12, 2007
0647 - Good morning. So, I didn't do enough testing on yesterday's KDE/SSH/keychain integration. When I rebooted after updating the kernel yesterday evening, I got prompted for the SSH passphrase in each terminal session. Urk! Okay, one problem at a time. First, in each terminal application... okay, I can suss this out: .bashrc is sourced by every terminal to set up the environment. .bash_profile is sourced only by a login session. So I moved the keychain chunk of code (slightly rewritten):
keychain --clear id_dsa
[ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
[ -f $HOME/.keychain/$HOSTNAME-sh ] && \
. $HOME/.keychain/$HOSTNAME-sh
I took it out of .bashrc, and plunked it in a freshly created .bash_profile. The rewrite ensured that $HOSTNAME is properly set before using it. So, the move fixed one problem, but now when I logged in to KDE, I got prompted twice for the passphrase. So, something in the X login sequence is running .bash_profile. Okay, I can hang with that. So I removed the recently created Autostart application that called my keychain init script, ~/bin/keychain.sh. Now everything is working the way I expect. Keychain initialized with X, with VC logins, with remote SSH logins. Agent stays active when logged out, and clears on any login, forcing a reentry of the passphrase (a nice security feature). So, just having at least the following in my ~/.bash_profile seems to have solved the problem that Willie posed on Tuesday:
. ~/.bashrc
/usr/bin/keychain --clear id_dsa
[ -f $HOME/.keychain/$HOSTNAME-sh ] && \
. $HOME/.keychain/$HOSTNAME-sh
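For the cron-job use of keychain mentioned on Wednesday, a job can check the keychain file before trusting it instead of sourcing it blindly. The following is an added example, not part of the original post; the function names and return codes are hypothetical, and it assumes the file holds the `SSH_AUTH_SOCK=...; export SSH_AUTH_SOCK;` line in the form ssh-agent prints.

```shell
#!/bin/sh
# Added example (not from the original post): pick up keychain's agent
# settings in a cron job without executing the file's contents.
# Function names and return codes are illustrative assumptions.

# Succeed only if the file is a regular file (not a symlink), owned by
# the current user, and not writable by group or others.
keychain_env_trusted() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    bad=$(find "$1" -prune \
        \( ! -user "$(id -u)" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ]
}

# Print the SSH_AUTH_SOCK path recorded in a keychain "-sh" file.
# Parsing the one line we need avoids running anything else in the file.
keychain_env_sock() {
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Export SSH_AUTH_SOCK only when the file is trusted and the socket it
# names exists and belongs to us.
# Returns: 0 agent usable, 2 file untrusted, 3 no socket recorded,
#          4 socket missing or owned by someone else.
load_keychain_env() {
    envfile=${1:-$HOME/.keychain/${HOSTNAME:-$(uname -n)}-sh}
    keychain_env_trusted "$envfile" || return 2
    sock=$(keychain_env_sock "$envfile")
    [ -n "$sock" ] || return 3
    { [ -S "$sock" ] && [ -O "$sock" ]; } || return 4
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
}

# Typical use at the top of a cron script:
#   load_keychain_env || { echo "no usable ssh-agent" >&2; exit 1; }
```

A stale file left over from a reboot shows up as return code 4, so the job fails cleanly instead of hanging on a passphrase prompt.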
If there's one constant in life, change fits the bill. There's likely to be change coming in the near future. But I can't be sure what form it'll take yet. You'll know shortly after I do. Happy Thursday.
FRIDAY
April 13, 2007
No Post.....
SATURDAY
April 14, 2007
0913 - Good morning. I left off a couple of days ago talking about change. Sometimes change comes in odd forms. One of the changes is that we've decided to stop talking about moving.
For the last several months, Marcia and I have been mulling over the possibilities in getting out of this market, taking our equity cash out, and getting into someplace cheaper, with 50 to 75% initial downpayment. In part, we have the freedom to consider such a move because Marcia can be pretty much anywhere on the right side of the continent and still do her job. There are real estate markets with much less expensive properties, and enough of an economy that I could find work easily. But we like this house, and the friends we've made in the area. Also, there's a lot to do and see around here, and we just won't make the time to see and do, unless we're here for an extended stay. So we think we'll stay. The change here is ... no change.
The next change is vehicular. Marcia's wanted a car that can go top-down for the longest time. We can afford that without denting anything financial, so we're going to go look at the VW Eos this afternoon. If money were truly no object, I'd probably put her in an Audi A4 Cabriolet Quattro. But those are selling for between 45 and 50K, and at her current pace, that would never pay off for Marcia - she's currently driving about 4000 miles a year. The Eos is a bit smaller, but solid, and about 15K less expensive than the Audi. It's got a fold-in hardtop, and pop-up rollover bars. If that was offered in the Toyota Solara, we might have leaned that way. It's interesting that the mid-size ragtops don't offer that sort of protection.
I want to get out into the garden for a while ... But another shot of winter is coming - or at least a strong storm. And if it spins enough cold air down our way, then we may be due for more snow on Sunday night and Monday. Yeah, mid-April. Boggle. Maybe I'll just mow the front, or simply prep the mower for bagging - I have a blade to sharpen and install. Next weekend, I'm hopeful enough that I've taken Monday and Tuesday (23rd and 24th) off to make a four day stint of get-the-whole-yard-ready possible. Now if only the weather will cooperate.
Enough for now. Happy Saturday.
SUNDAY
April 15, 2007
1226 - Good afternoon. While Marcia was very appreciative of my concern for her well-being in my selection of automobiles with active rollover protection (popup rollbars), all of them were too small for her taste... she could only have legless friends riding in back, and there's not much in the way of trunk space either. So she went with her first choice - a shiny red Solara convertible. No pictures yet, because it hasn't stopped raining since she bought it. If there are 40 days and 40 nights of rain, now y'all know who to blame.
Our troops surely watch the news and wonder WTF the ongoing political struggle is going to mean to their mission, and to their safety. Our fine men and women serve, and fight, and sometimes die. Honor them, remember them, do them proud! Here's two weeks of sad news, 60 souls to remember with pride...
Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.
All Content Copyright © 1999-2011 Brian P. Bilbrey.
Except where otherwise noted, this site is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.