moooofly
commented
5 years ago - [x] Understanding ssh-agent and ssh-add
- [x] what's the purpose of ssh-agent?
Open moooofly opened 5 years ago
moooofly
commented
5 years ago moooofly
commented
5 years ago ssh-add to permanently authorise the use of our keys for the agent's session.eval $(ssh-agent) > /dev/null ;这种设置会在每次启动一个新 shell 时,创建一个新的 agent 进程;If I had 10 windows open, which isn't unusual, I would have 10 ssh-agents running. 导致的后果就是,不得不运行 ssh-add in every shell to allow the use of my keys, or suffer the repeated requests for my key's passphrase. 这种使用方式明显存在问题;ssh-agent 时会看到如下内容:
SSH_AGENT_PID 是给 ssh-agent -k 使用的,用于直接杀掉当前的 agent 进程;SSH_AUTH_SOCK 是给 ssh-add 使用的,如果没有设置正确,会看到错误 "Could not open a connection to your authentication agent." $ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-MUyniqn10506/agent.10506; export SSH_AUTH_SOCK;
SSH_AGENT_PID=10507; export SSH_AGENT_PID;
echo Agent pid 10507;ssh-agent 的设计逻辑是:当直接执行 ssh-agent 时,是不会update the current shell with the required environment variables 的;因此,如果你不手动设置相应的环境变量,那么此时,ssh-agent -k 和 ssh-add 都不能正确执行;eval $(ssh-agent) > /dev/null 这个命令:该命令会对自动将相应的环境变量进行导出;eval $(ssh-agent) > /dev/null 会每个窗口创建一个新的 agent 进程的办法是:有人写了 a small bash script to locate compatible ssh-agent processes and update the environment accordingly. 之后,Each new shell session will look for an existing ssh-agent session and update the $SSH_AUTH_SOCK environment variable. If you have run ssh-add previously then you won't need to reauthorise your keys.source ~/.ssh-find-agent/ssh-find-agent.bash
set_ssh_agent_socketssh-agent is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using ssh(1).ssh-agent caches the key for you and you only need to enter the password once, when the agent wants to decrypt it (and often not even that, as the ssh-agent can be integrated with pam, which many distros do).ssh-agent is that you only need to enter your passphrase once. If your private RSA key is not encrypted with a passphrase, then ssh-agent is not necessary. The ssh command would be an example of a client.sshing into a variety of different machines, each with their own key and passphrase, then running ssh-agent allows you to enter the passphrase for each key once at the start of your session and then you can authenticate to each machine as many times as you like without having to re-enter your passphrase.moooofly
commented
5 years ago 实践下来,最好用的方式为
eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa注意:
eval $(ssh-agent bash)不行;
执行后,当前 terminal 立即生效,在其他 window 或 tab 上也直接可用了;