[Tipz] ssh-agent for the impatient
Mark Logan
mlogan at ccs.neu.edu
Thu Oct 30 17:35:11 EST 2003
For a similar example:
~mlogan/bin/issh-agent
An improved version would include the following:
* Add 'ForwardAgent=yes' to your .ssh/ssh_config
* Check if SSH_AUTH_SOCK is set before changing the environment.
Then you only need an agent running on your desktop/favorite shell
machine.
-Mark
On Thu, Oct 30, 2003 at 08:25:07PM -0500, Ian Langworth wrote:
> (I'm pretty sure the details are correct -- feel free to correct me.)
>
> GOAL:
>
> When you log into a CCS machine you want a little dialog to
> come up and ask you for a passphrase. With the correct
> passphrase you would then be able to shell into any other
> machine without using a password. The magic ends when you
> log out of the console.
>
> SOLUTION:
>
> First, if you haven't already, generate your public and
> private ssh keys. Do this by running:
>
> ssh-keygen -t dsa
>
> ...and accept the defaults. You should have a "id_dsa" and
> "id_dsa.pub" in your ~/.ssh directory. Copy the id_dsa.pub
> to any machines you want to shell to as
> "~/.ssh/authorized_keys2", such as:
>
> cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys2
>
> scp ~/.ssh/id_dsa.pub somehost:.ssh/authorized_keys2
>
> (Remember -- id_dsa is your _private_ key -- guard it with
> your life. You can put your public key, id_dsa.pub,
> anywhere.)
>
> Next, move your .xsession to a separate file, like
> ~/bin/xsession-real for example. Then set your .xsession
> to run the real script through ssh-agent, like this:
>
> #!/bin/sh
> exec ssh-agent $HOME/bin/xsession-real
>
> (Make sure your new .xsession is executable.)
>
> In your real xsession script, put the following:
>
> # start my ssh agent
> os=`uname -s`
> if [ "x$os" = "xSunOS" ]; then
>     # thanks, zach!
>     SSH_ASKPASS=/home/bass/bin/ssh-askpass.SunOS
> else
>     SSH_ASKPASS=ssh-askpass
> fi
> export SSH_ASKPASS
> SSH_AGENT=ssh-agent
> export SSH_AGENT
> ssh-add $HOME/.ssh/id_dsa </dev/null
>
> (The ssh-askpass.SunOS was compiled by Zach Joress and works
> nicely with Solaris. I suggest you copy it to your own home
> directory and modify that line appropriately.)
>
> That's it -- log out of the console and log back in again.
>
> BONUS!
>
> If you want to be able to scp/ssh passwordless from
> a machine you're not on to another machine you're not on you
> can use "agent forwarding." This will work if the machines
> you're jumping around to all have the same public key in
> authorized_keys2 (I think). Run this:
>
> echo "ForwardAgent yes" >>~/.ssh/config
>
> Try this out, it's really cool.
>
> Enjoy!
>
> --
> Ian Langworth
> Project Guerrilla
> Northeastern University
> College of Computer and Information Science
>
> _______________________________________________
> Tipz mailing list
> Tipz at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/tipz
>
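
One way to do the SSH_AUTH_SOCK check suggested in the reply at the top, as an added example (this is not the issh-agent script mentioned there and not code from either poster). The function names agent_action and ensure_agent are hypothetical; the key path is the one used in the thread.

```shell
#!/bin/sh
# Added example: reuse a forwarded or already-running agent instead of
# always starting a new one. Function names are hypothetical.

# Print what the login script should do:
#   start   - no usable agent socket in the environment
#   add-key - agent reachable but holds no identities
#   reuse   - agent reachable and already has a key loaded
agent_action() {
    # Unset, empty, or not a socket file: nothing to reuse.
    if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo start
        return 0
    fi
    # A socket file can outlive its agent, so probe it.
    # ssh-add -l exits 0 (keys listed), 1 (no identities),
    # or 2 (cannot contact the agent).
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo reuse ;;
        1) echo add-key ;;
        *) echo start ;;
    esac
}

# Change the environment only when agent_action says it is needed.
ensure_agent() {
    action=$(agent_action)
    if [ "$action" = start ]; then
        # ssh-agent -s prints Bourne-shell assignments for
        # SSH_AUTH_SOCK and SSH_AGENT_PID; eval applies them here.
        eval "$(ssh-agent -s)" >/dev/null
        action=add-key
    fi
    if [ "$action" = add-key ]; then
        # stdin from /dev/null, as in the thread, so ssh-add falls
        # back to SSH_ASKPASS under X instead of reading a terminal.
        ssh-add "$HOME/.ssh/id_dsa" </dev/null
    fi
}
```

Source the file from a login script and call ensure_agent; on a machine reached with agent forwarding it leaves the forwarded socket in place.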