|
Source: securityfocus.com - Posted by Vincenzo Ciaglia
|
No one likes typing passwords. If people had their way, computers would simply know who they were and what they should have access to without us proving it at every turn. In my last article I showed you how to create SSH Identities/Pubkeys, which can be used as an alternative to password authentication. . . .
No one likes typing passwords. If people had their way, computers would simply know who they were and what they should have access to without us proving it at every turn. In my last article I showed you how to create SSH Identities/Pubkeys, which can be used as an alternative to password authentication. However, I then went right back and told you to passphrase protect them, so now you were substituting one password for another, seemingly gaining nothing.
This week we have the payoff. We'll take the Identity/Pubkey trust we created last time, and learn how to use the ssh-agent program as our keymaster. We'll decrypt our keys once, put them in into the agent, and have it handle all our authentication needs thereafter.
Starting up the Agent
To start up the agent you can simply run it on the command line:
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-OqdW7921/agent.7921; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7922; export SSH_AGENT_PID;
echo Agent pid 7922;
When the agent starts, it writes some information to your screen that you can use to set up your shell's environment variables. In the above example, it is using Bourne shell syntax. If you were in a C-shell, say /bin/csh or /bin/tcsh, then it would have generated the variables differently. If ssh-agent can't determine which shell you are using correctly, you can use the -s or -c arguments to force it to provide Bourne or C-shell syntax, respectively.
Read this full article at securityfocus.com
Powered by AkoComment! |
