parsim Guru
Joined: 12 Aug 2004 Posts: 347 Location: Melbourne, Australia
Posted: Tue Nov 29, 2005 8:42 pm Post subject: easy ssh with ssh-agent

I ssh into four different remote machines fairly often, so I went through the process of generating ssh-keys so I could do this without typing in a password every time.
However, the end result doesn't seem as useful as it should be. Am I doing something wrong, or is this the way it's meant to work?
I'm currently doing this every time I need to ssh:
1. Think whether I've already sshed to this host since the machine's been booted. If I don't think I have, go to Step 2. Otherwise, if I'm confident, I just 'ssh user@host', but if I'm wrong, it will sit there for a while, then prompt me for "Password:". I need to Control-C this and go to Step 2. If I'm not sure whether I have or haven't, I run "ssh-add -l" and see if the host is on the list.
2. Execute "ssh-add ~/.ssh/identity.hostname". This asks me for a passphrase (which is long and easy to mistype).
3. "ssh user@host" and passwordlessly enter the account
Instead, what I'd like to do is this:
- "ssh user@host". If I've previously sshed, then I enter passwordlessly. If not, then I'm prompted for a passphrase. Upon entering it, the ssh connection is established. The passphrase will not be required again.
I could ssh-add all four ~/.ssh/identity.host keys at the start of each session, but I don't want to type in four long passphrases when I may not even want to do any sshing that day.

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Tue Nov 29, 2005 10:40 pm Post subject:

If you have set a different passphrase on every private key you use, then you will indeed have to type in all of them.
The usefulness of ssh-agent comes into play when you trust it to handle your private keys, obviating the need for you to type in more than one passphrase for a complete set of keys you intend to use during a session.
There is generally no need to generate a different key for each host - one key pair will do, just upload the public key to multiple machines.
Use the same passphrase for all of them, just make sure it is strong enough.
ssh-add will try to re-use the last passphrase, so this does make sense.
When you follow this, you type your passphrase once at the beginning of the session, and ssh-agent takes care of the rest.
I would personally put the ssh-add sequence in a small script or in bash_login.
Then you will only have to type your passphrase when you log in, and you're set.

parsim Guru
Joined: 12 Aug 2004 Posts: 347 Location: Melbourne, Australia
Posted: Wed Nov 30, 2005 7:00 pm Post subject:

Aha, thanks! I thought you needed separate passphrases for security reasons.
I've set my passphrases to the same thing, written a little script "ssh-startup":
Code:
    #!/bin/sh
    # Add the keys only when the agent reports that it holds none.
    if ssh-add -l | grep -q 'has no identities'; then
        ssh-add ~/.ssh/identity*
    fi
and added a bunch of aliases to my .bashrc like this:
Code:
    alias ss1='~/doc/scripts/ssh-startup; ssh user1@host1.com'
    alias ss2='~/doc/scripts/ssh-startup; ssh user2@host2.net'
    ...
Now I use the aliases to ssh and it only prompts me for a passphrase if I need it; i.e. the first time I ssh that day. And if I don't ssh, I never need to enter the passphrase.
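
An added example, not part of the thread: a variant of the ssh-startup idea that reads the exit status of `ssh-add -l` (0 when keys are listed, 1 when the agent holds none, 2 when no agent can be contacted) instead of grepping its output, skips the `.pub` files that `identity*` also matches, and loads keys with a lifetime. The names `sshk`, `SSH_ADD`, `KEY_GLOB` and `KEY_LIFETIME`, and the 8h value, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). SSH_ADD, KEY_GLOB, KEY_LIFETIME and
# sshk are names assumed here; paths are assumed to contain no spaces.
SSH_ADD=${SSH_ADD:-ssh-add}
KEY_GLOB=${KEY_GLOB:-"$HOME/.ssh/identity*"}
KEY_LIFETIME=${KEY_LIFETIME:-8h}   # agent forgets the keys after this long

# Print "loaded", "empty" or "unreachable". ssh-add -l exits 0 when it
# lists keys, 1 when the agent holds none, 2 when no agent can be contacted.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Print one private key path per line: expand KEY_GLOB, skip the .pub
# halves and a glob that matched nothing.
private_keys() {
    for f in $KEY_GLOB; do
        case $f in *.pub) continue ;; esac
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Load the keys only if the agent is reachable and empty.
ensure_keys() {
    case $(agent_state) in
        loaded) return 0 ;;
        unreachable)
            echo 'no ssh-agent reachable; start one: eval "$(ssh-agent -s)"' >&2
            return 2 ;;
    esac
    keys=$(private_keys)
    if [ -z "$keys" ]; then
        echo "no private keys match $KEY_GLOB" >&2
        return 1
    fi
    # Unquoted on purpose: one argument per line of $keys.
    "$SSH_ADD" -t "$KEY_LIFETIME" $keys
}

# sshk user@host: asks for the passphrase only on first use.
sshk() {
    ensure_keys && ssh "$@"
}
```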