- Linux Administration Cookbook
- Adam K. Dean
- 359字
- 2021-07-02 14:24:24
How to do it...
Start by running the ssh-agent command:
[vagrant@centos1 ~]$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-9On2mDhHTL8T/agent.6693; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6694; export SSH_AGENT_PID;
echo Agent pid 6694;
You can see it's printed several environment variables and the process ID it's running on.
We can confirm this is the case:
[vagrant@centos1 ~]$ pidof ssh-agent
6694
Copy the various variables that have been provided for you and paste them into the same window:
[vagrant@centos1 ~]$ SSH_AUTH_SOCK=/tmp/ssh-9On2mDhHTL8T/agent.6693; export SSH_AUTH_SOCK;
[vagrant@centos1 ~]$ SSH_AGENT_PID=6694; export SSH_AGENT_PID;
[vagrant@centos1 ~]$
Now, run the ssh-add command and fill in your key's passphrase when prompted:
[vagrant@centos1 ~]$ ssh-add
Enter passphrase for /home/vagrant/.ssh/id_ed25519:
Identity added: /home/vagrant/.ssh/id_ed25519 (vagrant@centos1)
[vagrant@centos1 ~]$
You can see that it informs you that it's added your identity.
SSH to centos2, and prepare to be amazed when you're not prompted for your passphrase:
[vagrant@centos1 ~]$ ssh 192.168.33.11
Last login: Thu Aug 9 15:36:02 2018 from 192.168.33.10
[vagrant@centos2 ~]$
You may think that you don't mind typing in your passphrase once or twice a day, and you'd be fine to think that, but if you're logging into a machine that infrequently, you're probably a very lucky system administrator. Where SSH agents excel is when you want to log into tens or hundreds of machines, or even if you're using a ProxyJump box, and don't feel like typing your passphrase any more times than is necessary.
To kill a running agent, use -k:
[vagrant@centos1 ~]$ ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 6694 killed;
I have seen cases where companies don't like the use of SSH agents, and mandate passwords or passphrases each time. Check you're not violating some obscure security policy to make your life easier.
Then, run the suggested unset commands to remove the variables we set before:
[vagrant@centos1 ~]$ unset SSH_AUTH_SOCK;
[vagrant@centos1 ~]$ unset SSH_AGENT_PID;
Simply logging out of your session won't stop the ssh-agent program from running. Be mindful of this if you choose to use it. Likewise, you shouldn't run an agent on a remote host shared between multiple people – it's best kept to your personal machine. If you plan on using an SSH agent, read up on current security practices.