[portland] keychain and ssh-agent: Use ssh keys more easily
Ricardo Newbery
ric at digitalmarbles.com
Wed Feb 10 05:55:42 CET 2010
A related recent post by Tarek Ziade...
http://tarekziade.wordpress.com/2010/02/01/simple-command-line-vault-clvault/
Cheers,
Ric
On Feb 9, 2010, at 8:12 PM, Igal Koshevoy wrote:
> Chris Pitzer talked about ssh-copy-id, you can find his notes online at:
> http://blog.christopherpitzer.com/2010/ssh-copy-id/
>
> I mentioned that it's possible to use a persistent program to load your
> SSH keys, which will ask you to enter the passwords for your keys, and
> then keep them loaded in memory so you don't have to keep re-entering
> the key passwords.
>
> "keychain" is a third-party program for use with OpenSSH to keep your
> credentials in memory and accessible across logins, and continues to run
> until the machine is shut down or the keychain or agents are deliberately
> stopped. MacOS and some UNIX distros may provide a specialized way to do
> this. Details on using the keychain program:
> http://www.gentoo.org/proj/en/keychain/
>
> Typical usage from a bash shell:
> # Start the keychain and add your keys, which may ask for passwords -- I
> # keep my keys in ~/.ssh and give them names ending with "_rsa" and "_dsa":
> keychain ~/.ssh/*_{dsa,rsa}
>
> # Load the credentials into a session (the file sourced is created by "keychain"):
> . ~/.keychain/${HOSTNAME}-sh*
>
> # You can combine these steps together by using a single bash function,
> # that can start keychain if needed and load your credentials. You can run
> # this function from .Xsession and again any time you need to load
> # credentials from a session that's not managed by X (e.g., you SSH into a
> # machine already running your keychain). Here's the function:
> keychainize () { keychain ~/.ssh/*_{dsa,rsa}; . ~/.keychain/${HOSTNAME}-sh*; }
>
>
> If you're looking for something more lightweight and standard, you can
> use "ssh-agent", which is what "keychain" is providing a wrapper for.
> "ssh-agent" is a program that comes with OpenSSH and keeps your
> credentials in memory. It lets you enter the passwords for your SSH keys
> once on startup and keep using the keys without passwords for the
> duration of your session. For details read:
> http://www.securityfocus.com/infocus/1812
>
> Typical usage from a bash shell:
> # Start the agent, it's not smart enough to realize one's already running
> eval `ssh-agent`
> # Add your keys to the agent, which may ask for passwords
> ssh-add ~/.ssh/*_{dsa,rsa}
> # See what keys you've got loaded, if curious
> ssh-add -l
> # Use your credentials without having to re-enter passwords
> ssh myusername@myhostname
>
> -igal
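The quoted ssh-agent steps note that the agent does not realize one is already running, so every `eval` starts another agent. The shell functions below are an added example, not part of the original messages, that reuse a reachable agent and start a new one only when none answers; `AGENT_ENV`, `SSH_ADD`, `SSH_AGENT` and both function names are assumptions of this example.

```sh
# Added example: reuse one ssh-agent across shells instead of starting a new
# agent on every "eval `ssh-agent`". AGENT_ENV, SSH_ADD, SSH_AGENT and both
# function names are assumptions of this example.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"   # where the agent's variables are saved
SSH_ADD="${SSH_ADD:-ssh-add}"                    # overridable, e.g. for testing
SSH_AGENT="${SSH_AGENT:-ssh-agent}"

# Classify the agent reachable through SSH_AUTH_SOCK from the exit status of
# "ssh-add -l": 0 = keys loaded, 1 = agent running but empty, 2 = no agent.
agent_state () {
    _rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || _rc=$?
    case "$_rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo absent ;;
    esac
}

ensure_agent () {
    # 1. An agent is already reachable from this shell: nothing to do.
    if [ "$(agent_state)" != absent ]; then return 0; fi
    # 2. Try the variables saved by an earlier shell; they may be stale.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if [ "$(agent_state)" != absent ]; then return 0; fi
    fi
    # 3. Start one new agent and save its variables in a fresh file that
    #    only the owner can read.
    ( umask 077; rm -f "$AGENT_ENV"; "$SSH_AGENT" -s > "$AGENT_ENV" )
    . "$AGENT_ENV" >/dev/null
}
```

Call `ensure_agent` from a shell startup file, then run `ssh-add` only when `agent_state` prints `empty`.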