Recipe 17.6. Passwordless Logins with ssh-agent
First, set up your private/public keys as in Recipe 17.3. Then use ssh-agent. ssh-agent handles authentication requests while you are gallivanting about the world, SSH-ing into various systems. You'll enter your passphrase once, at the beginning of your SSH session; when you log out of the session, you'll have to start over.
ssh-agent won't enable you to schedule SSH transfers from cron; see Recipe 17.8 to learn how to do this.
First, start up ssh-agent. You must name the shell you want to use:
$ ssh-agent bash
You'll be returned to a normal-looking prompt. Now run ssh-add. This will load all of the keys in your ~/.ssh directory:
$ ssh-add
Enter passphrase for /home/jenn/.ssh/id_rsa:
Identity added: /home/jenn/.ssh/id_rsa (/home/jenn/.ssh/id_rsa)
Enter passphrase for /home/jenn/.ssh/apache_key:
Identity added: /home/jenn/.ssh/id_dsa (/home/jenn/.ssh/apache_key)
Now you can log into any of your SSH hosts without entering a passphrase:
jenn@windbag:$ ssh powerpc
Linux powerpc 2.4.21 #1 Sun Aug 3 20:15:59 PDT 2003 i686 GNU/Linux
Libranet GNU/Linux
Last login: Wed Feb 7 18:28:20 2004 from windbag.test.net
jenn@powerpc:~$
To shut down ssh-agent, just exit out of the ssh-agent shell.
Because the passphrases and keys are tied to a particular Bash shell process, they'll disappear when you log out of the ssh-agent shell. If you open a second shell to start another ssh-agent, you'll have to enter your passphrase again, even if the first one is still active.
You can see what keys are being used by ssh-agent:
$ ssh-add -l
1024 65:91:77:71:24:66:46:ea:cb:00:fe:83:ad:b8:4a:34 /home/jenn/.ssh/id_rsa (RSA)
1024 da:f7:27:6a:37:4e:a5:bb:1d:00:c7:a8:e9:fe:23:d8 /home/jenn/.ssh/apache_key (RSA)
You'll need to be back in the local ssh-agent shell for this to work, and not logged into a remote host. When you are logged in to a remote host, the remote host controls your terminal, and you'll get the "Could not open a connection to your authentication agent" error message.
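The three situations described above (keys loaded, agent running but empty, no agent reachable from this shell) can be told apart from a script by the exit status of ssh-add -l, which ssh-add(1) documents as 0, 1 and 2 respectively. The following is an added example, not part of the original recipe; the SSH_ADD variable and the function names agent_state and agent_keys are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original recipe).
# SSH_ADD is a hypothetical override so the functions can be exercised
# with a stub command instead of the real ssh-add.
SSH_ADD=${SSH_ADD:-ssh-add}

# Print one line describing the agent this shell can reach:
#   "loaded N"  agent holds N identities             (ssh-add -l exits 0)
#   "empty"     agent reachable, no identities       (ssh-add -l exits 1)
#   "no-agent"  "Could not open a connection to your
#               authentication agent"                (ssh-add -l exits 2)
agent_state() {
    rc=0
    # "|| rc=$?" keeps the status without tripping "set -e" in callers.
    listing=$("$SSH_ADD" -l 2>/dev/null) || rc=$?
    case $rc in
        0) echo "loaded $(printf '%s\n' "$listing" | grep -c .)" ;;
        1) echo "empty" ;;
        2) echo "no-agent" ;;
        *) echo "error $rc" ;;   # e.g. 127 when ssh-add is not installed
    esac
}

# Print "bits comment" for each loaded identity. The comment field is
# normally the key file path, as in the listing shown in the recipe;
# a comment containing spaces is cut at the first space.
agent_keys() {
    "$SSH_ADD" -l 2>/dev/null |
        awk 'NF >= 3 && $1 ~ /^[0-9]+$/ { print $1, $3 }'
}

# Report the state of whatever agent the current shell can reach.
agent_state
```

Run inside the ssh-agent shell, this reports the loaded keys; run from a shell that was not started under ssh-agent, it reports no-agent, which is the condition behind the error message quoted above.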
You can specify a particular key to load:
$ ssh-add /home/jenn/adminkeys/id_rsa_http
or you can delete a key from the active ssh-agent session (this does not delete the key from your system):
$ ssh-add -d /home/jenn/.ssh/id_dsa
Identity removed: /home/jenn/.ssh/id_dsa (/home/jenn/.ssh/id_dsa.pub)
To delete all keys, use:
$ ssh-add -D
All identities removed.
17.6.4 See Also