mirror of
https://github.com/Qubes-Community/Contents.git
synced 2024-12-22 21:59:26 -05:00
split-ssh: fix configuration problems
Not backgrounding the proxy service on ssh-client causes problems, notably with services to be started later in the script. Not making the service executable in the vault causes: error fetching identities: communication with agent failed
This commit is contained in:
parent
78c00a1b46
commit
07d90098c3
@ -166,6 +166,12 @@ We now need to write a small script that handles connection requests from `ssh-c
|
|||||||
socat - UNIX-CONNECT:$SSH_AUTH_SOCK
|
socat - UNIX-CONNECT:$SSH_AUTH_SOCK
|
||||||
```
|
```
|
||||||
|
|
||||||
|
2. Make it executable
|
||||||
|
|
||||||
|
```shell_prompt
|
||||||
|
[user@fedora-32 ~]$ sudo chmod +x /etc/qubes-rpc/qubes.SshAgent
|
||||||
|
```
|
||||||
|
|
||||||
### In the AppVM `ssh-client`
|
### In the AppVM `ssh-client`
|
||||||
|
|
||||||
Theoretically, you can use SSH in any AppVM.
|
Theoretically, you can use SSH in any AppVM.
|
||||||
@ -193,7 +199,7 @@ Therefore, we add a script in `rc.local` (Which will run at VM startup) to liste
|
|||||||
if [ "$SSH_VAULT_VM" != "" ]; then
|
if [ "$SSH_VAULT_VM" != "" ]; then
|
||||||
export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
|
export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
|
||||||
rm -f "$SSH_SOCK"
|
rm -f "$SSH_SOCK"
|
||||||
sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'"
|
sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
|
||||||
fi
|
fi
|
||||||
# <<< SPLIT SSH CONFIGURATION
|
# <<< SPLIT SSH CONFIGURATION
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user