[Tipz] ssh-agent for the impatient

Mark Logan mlogan at ccs.neu.edu
Thu Oct 30 17:35:11 EST 2003


For a similar example:

~mlogan/bin/issh-agent

An improved version would include the following:

* Add 'ForwardAgent=yes' to your .ssh/ssh_config
* Check if SSH_AUTH_SOCK is set before changing the environment.

Then you only need an agent running on your desktop/favorite shell
machine.

-Mark

On Thu, Oct 30, 2003 at 08:25:07PM -0500, Ian Langworth wrote:
> (I'm pretty sure the details are correct -- feel free to correct me.)
> 
> GOAL: 
> 
>     When you log into a CCS machine you want a little dialog to
>     come up and ask you for a passphrase. With the correct
>     passphrase you would then be able to shell into any other
>     machine without using a password. The magic ends when you
>     log out of the console.
> 
> SOLUTION:
> 
>     First, if you haven't already, generate your public and
>     private ssh keys. Do this by running:
> 
>         ssh-keygen -t dsa
> 
>     ...and accept the defaults. You should have an "id_dsa" and
>     "id_dsa.pub" in your ~/.ssh directory. Copy the id_dsa.pub
>     to any machines you want to shell to as
>     "~/.ssh/authorized_keys2", such as:
> 
>         cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys2
> 
>         scp ~/.ssh/id_dsa.pub somehost:.ssh/authorized_keys2
> 
>     (Remember -- id_dsa is your _private_ key -- guard it with
>     your life. You can put your public key, id_dsa.pub,
>     anywhere.)
> 
>     Next, move your .xsession to a separate file, like
>     ~/bin/xsession-real for example. Then set your .xsession 
>     to run the real script through ssh-agent, like this:
> 
>         #!/bin/sh
>         exec ssh-agent $HOME/bin/xsession-real
> 
>     (Make sure your new .xsession is executable.)
> 
>     In your real xsession script, put the following:
> 
>         # start my ssh agent
>         os=`uname -s`
>         if [ "x$os" = "xSunOS" ]; then
>             # thanks, zach!
>             SSH_ASKPASS=/home/bass/bin/ssh-askpass.SunOS
>         else
>             SSH_ASKPASS=ssh-askpass
>         fi
>         export SSH_ASKPASS
>         SSH_AGENT=ssh-agent
>         export SSH_AGENT
>         ssh-add $HOME/.ssh/id_dsa </dev/null
> 
>     (The ssh-askpass.SunOS was compiled by Zach Joress and works
>     nicely with Solaris. I suggest you copy it to your own home
>     directory and modify that line appropriately.)
> 
>     That's it -- log out of the console and log back in again.
> 
> BONUS!
> 
>     If you want to be able to scp/ssh passwordless from
>     a machine you're not on to another machine you're not on you
>     can use "agent forwarding." This will work if the machines
>     you're jumping around to all have the same public key in
>     authorized_keys2 (I think). Run this:
> 
>         echo "ForwardAgent yes" >>~/.ssh/config
> 
>     Try this out, it's really cool.
> 
> Enjoy!
> 
> -- 
> Ian Langworth
> Project Guerrilla
> Northeastern University
> College of Computer and Information Science
> 
> 
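Added example, not part of the original thread and not the contents of ~mlogan/bin/issh-agent: one way to do the "check if SSH_AUTH_SOCK is set before changing the environment" step from the reply above. The function names agent_status and ensure_agent are hypothetical; the key path is the one used in the thread. The ownership test is an extra assumption added here, so that ssh-add never loads your key into an agent socket owned by another user.

```shell
#!/bin/sh
# Added example: reuse an agent that is already reachable (local or
# forwarded) and start a new one only when there is none.

# agent_status prints one word describing the inherited environment:
#   none  - SSH_AUTH_SOCK is unset or empty
#   reuse - SSH_AUTH_SOCK names a socket owned by the current user
#   stale - SSH_AUTH_SOCK is set but is not a usable socket
agent_status() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo none
    elif [ -S "$SSH_AUTH_SOCK" ] && [ -O "$SSH_AUTH_SOCK" ]; then
        echo reuse
    else
        echo stale
    fi
}

# ensure_agent leaves the environment untouched when an agent is usable.
# Otherwise it drops any stale variables, starts ssh-agent, and loads the
# key (stdin from /dev/null so ssh-add falls back to SSH_ASKPASS).
ensure_agent() {
    case "$(agent_status)" in
        reuse)
            return 0
            ;;
        stale)
            unset SSH_AUTH_SOCK SSH_AGENT_PID
            ;;
    esac
    eval "$(ssh-agent -s)" >/dev/null
    ssh-add "$HOME/.ssh/id_dsa" </dev/null
}
```

Source this from a login script and call ensure_agent once; on a machine reached over a connection with agent forwarding it returns without starting a second agent.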

