[Courses] [Security] Terri's Laptop netstat
Amanda Babcock
alb at quandary.org
Fri Mar 8 09:48:35 EST 2002
On Thu, Mar 07, 2002 at 07:06:13PM -0500, Terri Oda wrote:
> >I ran netstat once, then realized I should probably run X to see if it was
> >listening, so I ran X and this is the result. I'm not sure why ssh-agent
> >started up when X did, but I'm guessing it's something about about
>
> About about, eh? I was *going* to say that I'd guess it's something to let
> me forward X connections over ssh.

Actually, no. ssh-agent is a handy little program which is useful if you're
doing lots of ssh-ing with public key authentication (RSA etc), aka you ssh
someplace by typing your local private key, not the password of the account
you're ssh-ing to.

Typing the same private key over and over can be annoying, so ssh-agent is
a good, secure way to store and serve the key. It can only be accessed from
processes spawned from under ssh-agent, which is why one might run, for
example, "ssh-agent startx" (because then anything in that x-session will
have access to the ssh agent). You add the key by typing "ssh-add" from one
of the child processes (such as an X window in an X session started from
ssh-agent), and from then on any ssh connections you make using public key
encryption from a child process of the ssh-agent can use that key.

When you log out of X, that particular ssh-agent will terminate and your
stored keys will be disposed of safely.

(Somebody let me know if I misused any terminology, like "child processes"
or anything...)

Amanda
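
An added example, not part of the original post, of the mechanism behind "ssh-agent startx": the agent exports SSH_AUTH_SOCK to the command it starts, and every process descended from that command inherits it. It assumes OpenSSH's ssh-agent, ssh-add and ssh-keygen are installed; the throwaway key, its comment, the temporary socket path and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSH's ssh-agent,
# ssh-add and ssh-keygen are on PATH; the key is a constructed throwaway.

# Exit status of "ssh-add -l" from a process that was NOT started under an
# agent: 2 means ssh-add could not contact any agent.
outside_agent_rc() {
    (
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        rc=0
        ssh-add -l >/dev/null 2>&1 || rc=$?
        echo "$rc"
    )
}

# Start a shell under a fresh agent, the same way "ssh-agent startx" starts X,
# and report what that shell and its own child can see.
inside_agent_report() {
    tmp=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N '' -C constructed-demo-key -f "$tmp/id_demo" || return 1
    # -a pins the socket path inside our temp dir (a choice made for tidiness).
    KEY="$tmp/id_demo" ssh-agent -a "$tmp/agent.sock" sh -c '
        # The agent exported SSH_AUTH_SOCK before running this shell.
        [ -S "$SSH_AUTH_SOCK" ] && echo "sock_is_socket=yes" || echo "sock_is_socket=no"
        # Agent reachable but holding no keys yet: ssh-add -l exits 1.
        ssh-add -l >/dev/null 2>&1; echo "empty_rc=$?"
        # Load the key once; later clients ask the agent instead of the file.
        ssh-add "$KEY" >/dev/null 2>&1
        echo "keys_loaded=$(ssh-add -l 2>/dev/null | grep -c constructed-demo-key)"
        # A grandchild inherits the same environment and reaches the agent too.
        sh -c "ssh-add -l >/dev/null 2>&1; echo grandchild_rc=\$?"
    '
    rm -rf "$tmp"
}
```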