What I notice is that on the cleanly-started system during the first SSH connection, a graphical prompt for the passphrase pops up, and on all the subsequent connections the agent uses the stored pasphrase. Other people have discussed this situation on StackExchange. When I want to delete it with ssh-add -D, it still remains listed. On bootup, the ssh-add -l lists my primary key. On Linux, or on Ubuntu 20.04 to be exact, I haven’t completely figured out how the SSH agent operates. However, as noted in this tutorial, agent forwarding comes at a risk, so it might be wiser to only enable it per connection if you intend to use it (with the option -A): $ ssh -A list the identities added to the agent, use the following command: $ ssh-add -l One way to make it work is to create an entry in ~/.ssh/config: Host myhost
When it is enabled, the saved identity gets forwarded to the remote host, so you could initiate an SSH session from it to some third host. In some cases you might be interested in SSH agent forwarding. The latter directive, together with IdentitiesOnly can be used to specify concrete keys to be used with certain hosts, as described in this nixCraft tutorial. If you have SSH keys with some “non-standard” names/locations (other than ~/.ssh/id_rsa, ~/.ssh/id_ed25519 and the like), you may want to add the IdentityFile directive: IdentityFile ~/.ssh/my_key This enables the use of Keychain and automatic lookup in it whenever you use ssh. To automate adding the key to the agent, you can edit ~/.ssh/config and add the following entry: Host * On macOS you can use the -apple-use-keychain option: $ ssh-add -apple-use-keychain ~/.ssh/id_ed25519 The upside of this is that your agent’s “memory” can be made persistent between reboots. The latter can utilize Keychain to store the passphrases. It is worth noting that SSH agent works with slightly differently on Linux and Mac. If you would like to stop the agent, a similar command with the -k option is issued: eval `ssh-agent -k` It can be launched as follows: eval `ssh-agent` In some situations, SSH agent might not be running. When the agent is stopped or the computer is rebooted, the key will need to be added again. This will load the passphrase into SSH agent’s memory, and remote logins will happen “passwordless”. The most basic way to use SSH agent to remember the passphrase is as follows: $ ssh-add -k ~/.ssh/id_ed25519
Let’s say we have generated a pair of keys (as described here) using a secret passphrase:įurther, you copy your public key to the remote host, which adds the key to its own ~/.ssh/authorized_keys: $ ssh-copy-id -i ~/.ssh/id_ed25519 this point, you will be prompted for the passphrase every time you connect to the remote host with ssh. This blog post will be a bit Mac-oriented, since I am still in the process of figuring out the details of how certain aspects of SSH agent work on Linux. It also allows to initiate another SSH session from a remote host by the means of agent forwarding. Instead of typing your passphare every time you connect to a remote host, the correctly configured SSH agent will provide the passphrase to ssh or scp without you being prompted. SSH agent is a program resposible for handling passhareses for SSH keys.
0 kommentar(er)
