[portland] keychain and ssh-agent: Use ssh keys more easily

Ricardo Newbery ric at digitalmarbles.com
Wed Feb 10 05:55:42 CET 2010


A related recent post by Tarek Ziade...
http://tarekziade.wordpress.com/2010/02/01/simple-command-line-vault-clvault/

Cheers,
Ric



On Feb 9, 2010, at 8:12 PM, Igal Koshevoy wrote:

> Chris Pitzer talked about ssh-copy-id, you can find his notes online at:
> http://blog.christopherpitzer.com/2010/ssh-copy-id/
>
> I mentioned that it's possible to use a persistent program to load your
> SSH keys, which will ask you to enter the passwords for your keys, and
> then keep them loaded in memory so you don't have to keep re-entering
> the key passwords.
>
> "keychain" is a third-party program for use with OpenSSH to keep your
> credentials in memory and accessible across logins, and continues to run
> until the machine is shut down or the keychain or agents are deliberately
> stopped. MacOS and some UNIX distros may provide a specialized way to do
> this. Details on using the keychain program:
> http://www.gentoo.org/proj/en/keychain/
>
> Typical usage from a bash shell:
>    # Start the keychain and add your keys, which may ask for passwords -- I
>    # keep my keys in ~/.ssh and give them names ending with "_rsa" and "_dsa":
>    keychain ~/.ssh/*_{dsa,rsa}
>
>    # Load the credentials into a session (the file sourced is created
>    # by "keychain"):
>    . ~/.keychain/${HOSTNAME}-sh*
>
>    # You can combine these steps together by using a single bash function,
>    # that can start keychain if needed and load your credentials. You can run
>    # this function from .Xsession and again any time you need to load
>    # credentials from a session that's not managed by X (e.g., you SSH into a
>    # machine already running your keychain). Here's the function:
>    keychainize () { keychain ~/.ssh/*_{dsa,rsa}; . ~/.keychain/${HOSTNAME}-sh*; }
>
>
> If you're looking for something more lightweight and standard, you can
> use "ssh-agent", which is what "keychain" is providing a wrapper for.
> "ssh-agent" is a program that comes with OpenSSH and keeps your
> credentials in memory. It lets you enter the passwords for your SSH keys
> once on startup and keep using the keys without passwords for the
> duration of your session. For details read:
> http://www.securityfocus.com/infocus/1812
>
> Typical usage from a bash shell:
>    # Start the agent, it's not smart enough to realize one's already running
>    eval `ssh-agent`
>    # Add your keys to the agent, which may ask for passwords
>    ssh-add ~/.ssh/*_{dsa,rsa}
>    # See what keys you've got loaded, if curious
>    ssh-add -l
>    # Use your credentials without having to re-enter passwords
>    ssh myusername@myhostname
>
> -igal
> _______________________________________________
> Portland mailing list
> Portland at python.org
> http://mail.python.org/mailman/listinfo/portland
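
The quoted message notes that a bare `eval` of `ssh-agent` starts a new agent even when one is already running. The following is an added example, not code from this thread or from the keychain project: a POSIX sh loader that reuses a reachable agent, keeps its socket details in an owner-only file, and loads keys with an expiry. The `AGENT_ENV` path, the function names and the `8h` lifetime are assumptions chosen for the example.

```shell
# Hypothetical cache file for the agent's socket and pid (path chosen for this example).
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# "ssh-add -l" exits 0 with keys loaded, 1 with an empty agent, 2 when no agent answers.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Sets AGENT_STATE. Starts a new agent only when none can be reached.
ensure_agent() {
    AGENT_STATE=$(agent_state)              # agent inherited by this shell?
    if [ "$AGENT_STATE" = unreachable ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null           # agent recorded by an earlier shell?
        AGENT_STATE=$(agent_state)
    fi
    if [ "$AGENT_STATE" = unreachable ]; then
        # The file is sourced later, so create it readable and writable by the owner only.
        (umask 077; ssh-agent -s >"$AGENT_ENV")
        . "$AGENT_ENV" >/dev/null
        AGENT_STATE=$(agent_state)
    fi
}

# Prompts for passphrases only when the agent holds no keys.
# "-t 8h" makes the agent forget the keys after eight hours.
load_keys() {
    ensure_agent
    if [ "$AGENT_STATE" = empty ]; then
        ssh-add -t 8h "$@"
        AGENT_STATE=$(agent_state)
    fi
}
```

Call `load_keys` with the key paths from a login script (for example `load_keys ~/.ssh/id_rsa`); later shells that call it attach to the same agent without prompting again.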


