Open moooofly opened 5 years ago
`ssh-add` to permanently authorise the use of our keys for the agent's session.

`eval $(ssh-agent) > /dev/null`: this setting creates a new agent process every time a new shell is started. If I had 10 windows open, which isn't unusual, I would have 10 `ssh-agent`s running. The consequence is having to run `ssh-add` in every shell to allow the use of my keys, or suffer the repeated requests for my key's passphrase. This way of using it is clearly problematic.

Running `ssh-agent` prints the following:

```
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-MUyniqn10506/agent.10506; export SSH_AUTH_SOCK;
SSH_AGENT_PID=10507; export SSH_AGENT_PID;
echo Agent pid 10507;
```

`SSH_AGENT_PID` is used by `ssh-agent -k` to kill the current agent process directly.

`SSH_AUTH_SOCK` is used by `ssh-add`; if it is not set correctly, you get the error "Could not open a connection to your authentication agent."

The design logic of `ssh-agent` is: when `ssh-agent` is executed directly, it does not update the current shell with the required environment variables. So if you do not set the corresponding environment variables by hand, neither `ssh-agent -k` nor `ssh-add` can run correctly.

The command `eval $(ssh-agent) > /dev/null`: this command automatically exports the corresponding environment variables.

The way around `eval $(ssh-agent) > /dev/null` creating a new agent process for every window: someone wrote a small bash script to locate compatible `ssh-agent` processes and update the environment accordingly. After that, each new shell session will look for an existing `ssh-agent` session and update the `$SSH_AUTH_SOCK` environment variable. If you have run `ssh-add` previously then you won't need to reauthorise your keys.

```
source ~/.ssh-find-agent/ssh-find-agent.bash
set_ssh_agent_socket
```

`ssh-agent` is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA). The idea is that `ssh-agent` is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the `ssh-agent` program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using `ssh`(1).

`ssh-agent` caches the key for you and you only need to enter the password once, when the agent wants to decrypt it (and often not even that, as the `ssh-agent` can be integrated with `pam`, which many distros do).

`ssh-agent` is that you only need to enter your passphrase once. If your private RSA key is not encrypted with a passphrase, then `ssh-agent` is not necessary. The `ssh` command would be an example of a client.

`ssh`ing into a variety of different machines, each with their own key and passphrase, then running `ssh-agent` allows you to enter the passphrase for each key once at the start of your session and then you can authenticate to each machine as many times as you like without having to re-enter your passphrase.

In practice, the approach that works best is:

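```
eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa
```

Note: `eval $(ssh-agent bash)` does not work.

Once this has been run, it takes effect immediately in the current terminal, and is directly usable in other windows or tabs as well.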
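
One way to keep a single agent across shells from `~/.bashrc`, instead of the one-agent-per-shell behaviour described above. This is an added example, not code from the original post or from ssh-find-agent; the names `AGENT_ENV`, `SSH_ADD_BIN`, `SSH_AGENT_BIN`, `AGENT_STATE`, `agent_reachable` and `ensure_agent` are assumptions made here.

```bash
# Added example, not from the original post or from ssh-find-agent.
# AGENT_ENV, SSH_ADD_BIN, SSH_AGENT_BIN and AGENT_STATE are names chosen here.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
SSH_ADD_BIN="${SSH_ADD_BIN:-ssh-add}"
SSH_AGENT_BIN="${SSH_AGENT_BIN:-ssh-agent}"

# True when SSH_AUTH_SOCK leads to a live agent. `ssh-add -l` exits 0 when
# keys are loaded, 1 when the agent holds no keys, 2 when no agent answers.
agent_reachable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    _rc=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -eq 0 ] || [ "$_rc" -eq 1 ]
}

# Sets AGENT_STATE to inherited, reused or started, and leaves
# SSH_AUTH_SOCK / SSH_AGENT_PID pointing at a live agent.
ensure_agent() {
    if agent_reachable; then
        AGENT_STATE=inherited      # agent already present in the environment
        return 0
    fi
    # Sourcing a file runs it as code, so only accept one this user owns.
    if [ -f "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if agent_reachable; then
            AGENT_STATE=reused
            return 0
        fi
    fi
    # Stale or missing record: start one agent and save its variables in a
    # file created with owner-only permissions.
    rm -f "$AGENT_ENV"
    ( umask 077; "$SSH_AGENT_BIN" -s > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV" >/dev/null
    AGENT_STATE=started
}

# In ~/.bashrc:  ensure_agent
# Run `ssh-add` once afterwards; later shells then get AGENT_STATE=reused.
```

The check relies on the exit status of `ssh-add -l` rather than on the socket file existing, so a socket path left behind by a dead agent is treated as stale and replaced.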