SSH Agent
Preface
In the usual situation, when you connect to a server you authenticate with a password or with an SSH public key whose private key is protected by a passphrase. If you connect to several servers every day, you have to enter the password or passphrase each time you open an SSH connection, and you may be looking for a way to simplify this. SSH can help you here; the solution is called SSH Agent.
You can hand your private SSH keys to an application running on your local system. This application holds your keys, asks you for the passphrase once, and from then on you can use your keys each time you connect to any of your SSH servers without being asked for a password or passphrase again.
Start SSH Agent
Before starting an SSH Agent it is always a good idea to check whether an SSH Agent is already running on the system:
# echo $SSH_AUTH_SOCK    # This environment variable holds the path to the SSH Agent socket
Starting SSH Agent:
$ ssh-agent $SHELL       # ssh-agent runs the given command (here your shell) with the agent variables already set in its environment
Check if the SSH Agent is running:
$ echo $SSH_AUTH_SOCK
/tmp/ssh-TdPKi24462/agent.24462    # Our SSH Agent is running
Load User SSH Keys
After the SSH Agent has started, you need to import the user's private SSH key that will be used to authenticate this user on the remote server (in the same way as in User Authorization with public keys).
To import the user's private SSH key, run this command as that user:
$ ssh-add ~/.ssh/id_dsa                        # This will import the user's private DSA key
Enter passphrase for /home/user/.ssh/id_dsa:   # Provide the passphrase of this private key
Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)
$ ssh-add ~/.ssh/id_rsa                        # This will import the user's private RSA key
Enter passphrase for /home/user/.ssh/id_rsa:   # Provide the passphrase of this private key
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
List of all loaded SSH keys
To see all SSH keys loaded in the SSH Agent, run this command:
$ ssh-add -l
4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)
Print SSH public keys in “authorized_keys” format
This can be used when you need all your public keys ready to be appended to “~/.ssh/authorized_keys” on the destination SSH server for user authentication.
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA+DAoOnheqgzGhXMF7tHxe2BAmZSq1ToTDYLuiF1DkX2ASlmZSFuhN65ReBPRMY1p/i1fQ3q+DyKYKtAxNTlIlg8/Z6zOTjNcwJt7udyRZtAn53yxiZsHuMQfoR2rTKlcgVKJicYfbyO8C1LTinpsY+Oemxgs3zDcAcJgNlavgSKpPJYouSTAM9h5lElPrX9QBVZ26q1WfwqZ3S047UuOzJsMMnFlShOA00JH538PZ/s7kUGn+RysdFSrJK7oxdgvj/msbs6VbPnKFgOCdq+tKFe3jTET2olVhxpFCDrMHW8h1yPTZ+SBmYAoOJt0mMF5nVAM6rhdx+pcGnM4/o6/Wk4z6h5+dB9JI7or5kTZHpldbOgwM4qP2cRciIDBicq1+R8yjGEdGgefaKOWr55dm4jvSUDGNPk7PBQMdneVfyTMcbzqJ9iZJvoFiyoaglfHYKpFUj56gRDicAopiX2veUVxLFD01lkQZNJYVfthytUM8SXoG9G+88n0IAzDfCliYyNKZAFV8cgm66b1pzmgC+ETzJcVjDyVjF6qYmrXYSJv/mRHYGfFV+O6aHIVz3F15B7P72gUyKLpFw8rn5hRRS32Ja9oKHTLU1D/LOi8NPVS3lccij3dk6G15ZQv0pa0JWe+fB709oXAsz/Mn6t7A8Za9HCMgQ1TifSLiJx827c= /home/user/.ssh/id_rsa
ssh-dss AAAAB3NzaC1kc3MAAACBAPzuh28bO5EHt2RHIqZpO0qFSYb4gITGA5xqfqlP8tLuH119ylWabTSOa90RtjW7dDyCfTuptpsIMPjViYq5WQwP/YGVQWDO6HG7V6h8IPbNOr2txridbUofCoHWm5rACvKllHMRzP7LObhPVyoAUwLL72NSkplujz9e95qH1RePAAAAFQDr8ok1Wf+MNYy8HfZlSyFuGl/0YQAAAIA2PeKY/nm4F8Rqi11G3DWl/v1H3fu6KRscKqTd9jkRm+6540nX4aax05j8winS/tIbxgDpTz1/M0+c2OeXUmjHammmkqV5guyuLKGQkYgmN0bxDCtVVR+9zvhIRjCLrbV4UdE11ajHdF16JSaswhCE33FGKXO6zzidSnTe6TeHjgAAAIBnJBS6B2H2qpp7igUWm9s13/Jyr5N5KeXXNMgDlxAkpNv4vtsg7ohX1UMZE1O/6hKmQJLUOUJM1LjM9mdRHA/ao/VPdFKlEYM7aNM/+JqN7qJsdNXmgc6M7EsiJzPElESZzCAyFUwcGoejJK1Wd7XqLOYgr6CNFdMTMRpyjrrDqQ== /home/user/.ssh/id_dsa
Connect to remote SSH Server
[user@DD1 ~]$ ssh DD2    # As you can see, nobody asks for a password or passphrase
Last login: Sat Jan 18 19:30:37 2014 from DD1
[user@DD2 ~]$
Delete SSH Key from SSH Agent
It is possible to delete just one of the loaded SSH keys:
$ ssh-add -l                           # Check the list of loaded keys
4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)
$ ssh-add -d /home/user/.ssh/id_rsa    # Delete one of the loaded keys
Identity removed: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa.pub)
$ ssh-add -l                           # Check the list of loaded keys
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)
Or it is possible to delete all loaded SSH keys:
$ ssh-add -l                           # Check the list of loaded keys
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)
4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
$ ssh-add -D                           # Delete all loaded keys
All identities removed.
$ ssh-add -l                           # Check the list of loaded keys
The agent has no identities.
Start or Connect to SSH Agent When Logging in to Linux
Add the following short bash script to the user's “~/.bash_profile” or “~/.bashrc” (depending on the distribution you are using):
# If no SSH agent is already running, start one now. Re-use the socket so we
# never have to start more than one agent per user.
export SSH_AUTH_SOCK="$HOME/.ssh-socket"          # Fixed socket path shared by every login session
ssh-add -l >/dev/null 2>&1                        # Exit status 2 means no agent answers on this socket
if [ $? = 2 ]; then                               # No agent running: start one and import the SSH keys
    rm -f "$SSH_AUTH_SOCK"
    SSH_SCRIPT=$(mktemp)                          # Private temporary file instead of a predictable /tmp name
    ssh-agent -a "$SSH_AUTH_SOCK" >| "$SSH_SCRIPT"    # >| overwrites the file even when noclobber is set
    source "$SSH_SCRIPT"
    echo "$SSH_AGENT_PID" >| ~/.ssh-agent-pid     # >| overwrites an existing pid file even when noclobber is set
    rm -f "$SSH_SCRIPT"
    ssh-add
fi
In this way one server can serve as a jump host to further destinations: you start the SSH Agent once on one console and reuse it every time you log in, without starting a new SSH Agent for each session.
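As an added example (not from the original page), the following POSIX shell snippet makes explicit the ssh-add -l exit codes that the login script above tests, and audits the identities an agent reports, as listed in the "List of all loaded SSH keys" section, flagging DSA keys and RSA keys below 2048 bits. The 2048-bit threshold and the function names are my own choices, and the sample listing is constructed from the output shown earlier on this page.

```shell
#!/bin/sh
# Added example, not part of the original page.
# `ssh-add -l` exit status: 0 = agent reachable and holding identities,
# 1 = agent reachable but empty, 2 = no agent listening on $SSH_AUTH_SOCK.
# The login script above only starts a new agent for status 2.
agent_state_from_rc() {
    case "$1" in
        0) echo "agent-with-keys" ;;
        1) echo "agent-empty" ;;
        2) echo "no-agent" ;;
        *) echo "unknown" ;;
    esac
}

# Reads `ssh-add -l` lines ("bits fingerprint comment (TYPE)") on stdin,
# prints a verdict per identity on stderr and echoes the number of weak ones.
# Policy assumed here (not from the page): DSA is weak, RSA below 2048 bits is weak.
audit_agent_keys() {
    weak=0
    while read -r bits fp rest; do
        [ -n "$bits" ] || continue
        type=${rest##*\(}                  # text after the last "("
        type=${type%\)}                    # ...without the closing ")"
        comment=${rest% \(*}               # everything before " ("
        case "$type" in
            DSA)
                echo "WEAK $comment: DSA $bits bits" >&2
                weak=$((weak + 1)) ;;
            RSA)
                if [ "$bits" -lt 2048 ]; then
                    echo "WEAK $comment: RSA $bits bits" >&2
                    weak=$((weak + 1))
                else
                    echo "OK   $comment: RSA $bits bits" >&2
                fi ;;
            *)  echo "OK   $comment: $type $bits bits" >&2 ;;
        esac
    done
    echo "$weak"
}

# Constructed sample, copied from the `ssh-add -l` listing shown on this page.
SAMPLE_LISTING='4096 57:5a:d1:c1:6c:5c:ab:9f:88:4c:d9:6d:d8:09:85:89 /home/user/.ssh/id_rsa (RSA)
1024 06:85:95:ff:2a:bf:ef:42:78:c3:4e:de:4c:6d:0c:2d /home/user/.ssh/id_dsa (DSA)'

# Against a live agent this would be:  ssh-add -l | audit_agent_keys
printf '%s\n' "$SAMPLE_LISTING" | audit_agent_keys
```

A key can also be loaded with a lifetime (ssh-add -t <seconds>) so that the agent drops it automatically instead of holding it until logout.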