Installation ============ All you need to run ssh-ident is a standard installation of python >= 2.6, python > 3 is supported. If your system has wget and are impatient to use it, you can install ssh-ident with two simple commands: mkdir -p ~/bin; wget -O ~/bin/ssh goo.gl/MoJuKB; chmod 0755 ~/bin/ssh echo 'export PATH=~/bin:$PATH' >> ~/.bashrc Logout, login, and done. SSH should now invoke ssh-ident instead of the standard ssh.Problem with ssh-agent. That can be solved with ssh-ident above!Configuring all of this on your machine
So, let's summarize the steps:
- Generate a set of keys, with
ssh-keygen
.- Install your keys on remote servers, with
ssh-copy-id
.- Start an
ssh-agent
to use on your machine, witheval ssh-agent
.ssh-add
your key, type your password once.- Profit! You can now ssh to any host that has your public key without having to enter a password, and use
ssh -A
to forward your agent.Easy, isn't it? Where people generally have problems is on how and where to start thessh-agent
, and when and how to startssh-add
.The long running advice has been to startssh-agent
from your .bashrc, and runssh-add
similarly.In today's world, most distributions (including Debian and derivatives), just start anssh-agent
when you first login. So, you really don't have anything to do, except runssh-add
when you need your keys loaded, and be done with it.Still many people have snippets to the extent of:if [ -z "$SSH_AUTH_SOCK" ] ; then eval `ssh-agent` ssh-add fiin their.bashrc
, which basically says "is there an ssh-agent already running? no? start one, and add my keys".This is still very annoying: for each console or each session you login into, you end up with a newssh-agent
. Worse: this agent will run foreverwith your private keys loaded! Even long after you logged out. Nothing and nobody will ever kill your agent.So, your three lines of.bashrc
snippet soon becomes 10 lines (to cache agents on disk), then it breaks the first time you use NFS or any other technology to share your home directory, and then... more lines to load only some keys, some magic in.bash_logout
to kill your agent, and your 4 lines of simple.bashrc
get out of control
sexta-feira, abril 26, 2019
ssh-agent load only once with ssh-ident, ssh-add, ssh-keygen, eval `ssh-agent`
Assinar:
Postar comentários (Atom)
Nenhum comentário:
Postar um comentário