SSH Key Management Part 2

LKH writes "The second part of Daniel Robbins' ssh key management articles is up at developer works. Daniel covers passphrase-less authentication using keychain."

Or if you want to automate it even more

[Bronster]

[~]$ cat .bashrc
...
SSH_AUTH_SOCK=`/bin/ls /tmp/ssh-*/agent.* | cut -f1 -d\ '
export SSH_AUTH_SOCK
...
[~]$

This works because the /bin/ls line with the pattern above will only get sockets that you can read, which means either owned by you or you are root (lucky you). It grabs the first one, which is fine for non-root users, though not wonderful if you're root - then again root shouldn't be doing this anyway.

It works from the console too!

P.S. - remember to nuke that agent when you've finished, otherwise anyone else who can get in as you has privs on every box that trusts you.

ssh-agent startx

[smcavoy]

I use this with much sucess,
I must then run ssh-add for every key I want to use. doing that once a day (assuming your not in a hostile enviroment, and never lock the console...)
saves time. Is this a bad idea?????

ssh-keygen this you !@#$!@#

[PatJensen]

I read this article, it seems pretty cool to be able to store all your keys and access them using the ssh-agent, but I'm having a hard time just generating an RSA SSH2 key and having it work. Anyone mind helping me out? I've followed this process:

1. ssh-keygen -t rsa
2. typed in a 12 character password
3. copied the dsa_key.pub from my desktop and pasted it to ~/.ssh/authorized_keys2 on the server. 4. ssh -2 remotehost.

Then it asks for a password. I used ssh -v, which it said it was trying RSA but it failed. I'm running OpenSSH 2.9p2 on Mac OS X. Help me, I've read the man pages repeatedly but it's still all jibber-jabber!

-Pat