[Techtalk] thoughts on OpenSSH key passphrase/ no passphrase
John Clarke
johnc+linuxchix at kirriwa.net
Wed Nov 30 16:26:24 EST 2005
On Tue, Nov 29, 2005 at 08:56:44 -0800, Carla Schroder wrote:
> I prefer keychain to ssh-agent, if anyone cares. :) The advantage is it
> authenticates per system, rather than login session, so you can open new
> terminals and not have to re-enter passphrases.
Do you mean new login sessions or new xterms? If the latter, starting
ssh-agent in .bash_profile makes it available to any program you start
in the same login session:

    # start ssh-agent if this is an interactive shell & agent
    # forwarding isn't enabled
    if [ "${-#*i}" != $- -a -z "$SSH_CLIENT" ]; then
        eval `ssh-agent`
    fi

$SSH_CLIENT is set if you're logging in via ssh with agent forwarding
enabled, and then you don't want to have a local agent. The eval sets
and exports the environment variables that ssh uses to talk to the
agent:

    [johnc@dropbear ~]$ set|grep SSH
    SSH_AGENT_PID=1591
    SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
    SSH_AUTH_SOCK=/tmp/ssh-XXtiPua2/agent.1590

It's the last variable that ssh uses to talk to the agent. The PID
variable is only used when trying to kill the agent (ssh-agent -k). You
can talk to any agent running with your UID by setting $SSH_AUTH_SOCK.
Cheers,
John
--
> pop up a box that said "Click here to be hit over the head with a salmon"
I'd like to see the implementation of that. (And don't try to fob me off
with a fake dialog that *didn't* actually cause them to get hit over the
head with a salmon.) -- Paul Tomblin
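
Because anything running under your UID can reach an agent through $SSH_AUTH_SOCK, a login script can reuse a socket that is already exported, provided the socket and its directory are owned by you and closed to group and other. The sketch below is an added example, not part of the message above: it extends the post's interactive/$SSH_CLIENT test with that check, and the function names are hypothetical helpers, not OpenSSH commands.

```shell
# Added example: mode_uid, is_mine, sock_is_private and agent_action are
# hypothetical helper names, not part of OpenSSH.

# Print "<mode string> <numeric owner>" for a path, e.g. "drwx------ 1000".
mode_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{ print $1, $3; exit }'
}

# is_mine PATH PATTERN: succeed if PATH's mode string matches the shell
# PATTERN and PATH is owned by the current UID.
is_mine() {
    set -- "$2" $(mode_uid "$1")    # now: $1=pattern $2=mode $3=owner
    [ $# -eq 3 ] || return 1        # path missing or unreadable
    case $2 in $1) ;; *) return 1 ;; esac
    [ "$3" = "$(id -u)" ]
}

# Succeed if $1 is a socket we own, inside a directory we own that grants
# nothing to group or other (true of the mkdtemp directory ssh-agent makes,
# such as /tmp/ssh-XXtiPua2 in the post).
sock_is_private() {
    [ -n "$1" ] || return 1
    is_mine "$1" 's*' && is_mine "$(dirname -- "$1")" 'd???------*'
}

# agent_action FLAGS: print what a login script should do, given the
# shell's option flags ($-) and the current environment.
agent_action() {
    if sock_is_private "${SSH_AUTH_SOCK-}"; then
        echo reuse                  # a usable agent is already exported
    elif [ "${1#*i}" = "$1" ] || [ -n "${SSH_CLIENT-}" ]; then
        echo skip                   # the post's test: not interactive, or an ssh login
    else
        echo start
    fi
}

# As it would appear in ~/.bash_profile:
if [ "$(agent_action "$-")" = start ]; then
    eval "$(ssh-agent -s)" >/dev/null
fi
```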