Is the opennbula ssh agent supposed to work without any extra setup?

OS is debian 11

My issue is that it does not work until
i do

eval ssh-agent -s && ssh-add
Agent pid 289270
Identity added: /var/lib/one/.ssh/id_rsa (oneadmin@on-front)

Then it works as expected I can ssh from front to nodes and back
Easy check:
before i do eval ssh-agent -s && ssh-add
echo $SSH_AUTH_SOCK gives nothing
ssh-add -L also nothing
after i do eval ssh-agent -s && ssh-add
echo $SSH_AUTH_SOCK gives
/tmp/ssh-C9E9lOi4eE2n/agent.289269
and ssh-add -L list the key

Output from systemctl status opennebula-ssh-agent.service

systemctl status opennebula-ssh-agent.service
● opennebula-ssh-agent.service - OpenNebula SSH agent
     Loaded: loaded (/lib/systemd/system/opennebula-ssh-agent.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-07-01 09:36:15 EEST; 11min ago
    Process: 288891 ExecStartPre=/bin/sh -c echo SSH_AUTH_SOCK=$SSH_AUTH_SOCK > /var/run/one/ssh-agent.env (code=exited, status=0/SUCCESS)
    Process: 288892 ExecStart=/bin/sh -c exec /usr/bin/ssh-agent -a $SSH_AUTH_SOCK (code=exited, status=0/SUCCESS)
    Process: 288894 ExecStartPost=/bin/sh -c /usr/bin/ssh-add (code=exited, status=0/SUCCESS)
   Main PID: 288893 (ssh-agent)
      Tasks: 1 (limit: 4692)
     Memory: 604.0K
        CPU: 19ms
     CGroup: /system.slice/opennebula-ssh-agent.service
             └─288893 /usr/bin/ssh-agent -a /var/run/one/ssh-agent.sock

Jul 01 09:36:15 on-front systemd[1]: Starting OpenNebula SSH agent...
Jul 01 09:36:15 on-front sh[288892]: SSH_AUTH_SOCK=/var/run/one/ssh-agent.sock; export SSH_AUTH_SOCK;
Jul 01 09:36:15 on-front sh[288892]: SSH_AGENT_PID=288893; export SSH_AGENT_PID;
Jul 01 09:36:15 on-front sh[288892]: echo Agent pid 288893;
Jul 01 09:36:15 on-front sh[288895]: Identity added: /var/lib/one/.ssh/id_rsa (oneadmin@on-front)
Jul 01 09:36:15 on-front systemd[1]: Started OpenNebula SSH agent.


Versions of the related components and OS (frontend, hypervisors, VMs):
Frontend 6.2.0.1

Obvious solution is to just
echo "export SSH_AUTH_SOCK=/var/run/one/ssh-agent.sock" >> ~oneadmin/.bashrc, but I’m I supposed to?

No one tried this?

Hi @branislav_k,

It should work without doing any extra step for the oned service. If you take a look at the oned service environment you should see something similar to the export you’re proposing:

$ cat /proc/`pgrep oned`/environ
...SSH_AUTH_SOCK=/var/run/one/ssh-agent.sock

This will make passwordles ssh work for the oned process. If you want to take advantage of the agent also when you’re logged as a oneadmin in the server terminal, you’ll need to manually export the env variable, or as you mentioned add it to the .bashrc file or similar.

Ok thanks.
Then this probably should be added to the docs, because all examples are saying that you as the user must test ssh from frontend to nodes etc. and I was expecting for it to work, but it doesn’t.

For example here
https://docs.opennebula.io/6.2/open_cluster_deployment/kvm_node/kvm_node_installation.html#step-4-configure-passwordless-ssh