split-ssh: fix configuration problems

Not backgrounding the proxy service on ssh-client causes problems,
notably with services to be started later in the script.

Not making the service executable in the vault causes:

 error fetching identities: communication with agent failed
This commit is contained in:
Yann Dirson 2021-11-07 19:17:33 +01:00
parent 78c00a1b46
commit 07d90098c3
No known key found for this signature in database
GPG Key ID: 0D85F29625A3F9FD

View File

@ -166,6 +166,12 @@ We now need to write a small script that handles connection requests from `ssh-c
socat - UNIX-CONNECT:$SSH_AUTH_SOCK socat - UNIX-CONNECT:$SSH_AUTH_SOCK
``` ```
2. Make it executable
```shell_prompt
[user@fedora-32 ~]$ sudo chmod +x /etc/qubes-rpc/qubes.SshAgent
```
### In the AppVM `ssh-client` ### In the AppVM `ssh-client`
Theoretically, you can use SSH in any AppVM. Theoretically, you can use SSH in any AppVM.
@ -193,7 +199,7 @@ Therefore, we add a script in `rc.local` (Which will run at VM startup) to liste
if [ "$SSH_VAULT_VM" != "" ]; then if [ "$SSH_VAULT_VM" != "" ]; then
export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM" export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
rm -f "$SSH_SOCK" rm -f "$SSH_SOCK"
sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
fi fi
# <<< SPLIT SSH CONFIGURATION # <<< SPLIT SSH CONFIGURATION
``` ```