School of Physics and Astronomy Wiki

computing:department:unix:ssh_keychain

Differences

This shows you the differences between two versions of the page.

Old revision: computing:department:unix:ssh_keychain [2008/07/24 08:19] rubin
New revision: computing:department:unix:ssh_keychain [2019/06/17 10:24] (current) – [Using keychain with SSH] sull0153
Line 1: Line 1:
 ====== Using keychain with SSH ====== ====== Using keychain with SSH ======
-If you use ssh's built in public-key/private-key passwordless authentication with an encrypted private key, you may find it annoying to enter the private key password in all the time. ssh-agent provides some releaf for the problem, but not to as far an extent as we would hope. So, the nice folks at IBM created [[http://www.gentoo.org/proj/en/keychain/|keychain]].+If you use ssh's built in public-key/private-key passwordless authentication with an encrypted private key, you may find it annoying to enter the private key password in all the time. ssh-agent provides some releaf for the problem, but not to as far an extent as we would hope. So, the nice folks at IBM created [[https://www.funtoo.org/Keychain|keychain]].
  
 ===== Overview ===== ===== Overview =====
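Review bot: The rewritten intro sentence still carries the typo "releaf" and the awkward "not to as far an extent as we would hope"; since the line is already being touched for the link change, fix both in the same revision ("relief", "not as much as we would hope"). The same sentence says "private key password" where the thing being typed is the key's passphrase, which is worth correcting so readers do not confuse it with their login password.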
Line 22: Line 22:
 Add the following to your ~/.bashrc file: Add the following to your ~/.bashrc file:
 <xterm> <xterm>
 +# Clear existing broken ssh-agent environment
 +
 +if [ ! -f "${SSH_AUTH_SOCK}" ] ; then
 +  export SSH_AUTH_SOCK=""
 +fi
 +
 # if ssh auth forwarding is enabled, use it and dont start keychain # if ssh auth forwarding is enabled, use it and dont start keychain
 if [ "${SSH_AUTH_SOCK}x" == "x" ] && [ "$UID" != "0" ] ; then if [ "${SSH_AUTH_SOCK}x" == "x" ] && [ "$UID" != "0" ] ; then
     if [ -x /usr/bin/keychain ] ; then     if [ -x /usr/bin/keychain ] ; then
-       #echo "Setting up keychain..." 
        /usr/bin/keychain -q -Q --lockwait 1 ~/.ssh/id_rsa        /usr/bin/keychain -q -Q --lockwait 1 ~/.ssh/id_rsa
        if [ -f ~/.keychain/$HOSTNAME-sh ] ; then        if [ -f ~/.keychain/$HOSTNAME-sh ] ; then
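Review bot: The new guard `if [ ! -f "${SSH_AUTH_SOCK}" ]` tests for a regular file, but an agent socket is a Unix domain socket, so `-f` is false even for a healthy agent and `SSH_AUTH_SOCK` is cleared on every shell start. That defeats the "if ssh auth forwarding is enabled, use it" check directly below, because a valid forwarded socket is discarded as well. Use the socket test instead: `if [ ! -S "${SSH_AUTH_SOCK}" ] ; then`. `unset SSH_AUTH_SOCK` would also be cleaner than exporting an empty string, although the existing `"${SSH_AUTH_SOCK}x" == "x"` comparison handles both.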
Line 33: Line 38:
 fi fi
  
-# If we have ssh-agent running, forward it to the next host. Otherwise dont try to use key authentication at all.+# If we have ssh-agent running, forward it to the next host
 +# otherwise dont try to use key authentication at all.
 if [ "${SSH_AUTH_SOCK}x" == "x" ]; then if [ "${SSH_AUTH_SOCK}x" == "x" ]; then
     # if we dont have an auth sock, dont use pub key identification     # if we dont have an auth sock, dont use pub key identification
Line 41: Line 47:
     alias ssh='ssh -A'     alias ssh='ssh -A'
 fi fi
 +
 </xterm> </xterm>
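Review bot: The context line `alias ssh='ssh -A'` in this hunk enables agent forwarding to every host you connect to, and it deserves a second look while the block is being edited: anyone with root on a remote host can use the forwarded socket to authenticate as you for as long as the session is open. Consider dropping the alias and setting `ForwardAgent yes` only for specific trusted hosts in `~/.ssh/config`. The blank line added before `</xterm>` changes nothing functionally and could be left out.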
  
Line 47: Line 54:
   source ~/.bashrc   source ~/.bashrc
  
-Now if you log out and back in to x, you should get prompted the first time you open a command shell for your private key. After that you can ssh anywhere and through multiple systems without being asked your password again.+Now if you log out and back in to x, you should get prompted the first time you open a command shell for your private key. After that you can ssh anywhere and through multiple systems without being asked your password again. (you may have to kill ssh-agent and then restart x for changes to take effect)
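Review bot: The added parenthetical "(you may have to kill ssh-agent and then restart x for changes to take effect)" does not say how to kill the agent or how to recognise that it is necessary. Make it a full sentence and name a command, for example `ssh-agent -k` from a shell that still has the old agent's environment, or `pkill -u "$USER" ssh-agent`. The same line says "asked your password" where the prompt is for the key passphrase.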
  
  
  
computing/department/unix/ssh_keychain.1216905563.txt.gz · Last modified: 2008/07/24 08:19 by rubin