
ever get tired of passwords? one of the areas where you can avoid re-entering password is with ssh logins. if you have a couple of boxes or even shells, then this will come in handy.

make a pair of keys.


$ mkdir -p ~/.ssh; ssh-keygen -t dsa

copy your public key (~/.ssh/id_dsa.pub) to your authorized keys file (~/.ssh/authorized_keys) on a remote host

$ ssh-copy-id -i ~/.ssh/id_dsa jaroslav@tryggve.lan

or, by hand:

$ cat ~/.ssh/id_dsa.pub | ssh jaroslav@tryggve.lan 'cat >> ~/.ssh/authorized_keys'

now shell into that remote host

ssh jaroslav@tryggve.lan

voila!

if you didn’t set a pass-phrase in the first step, you can do so now by issuing the command
ssh-keygen -p

the beauty of not having a password should be self-evident, the risk too. to avoid the risk and keep the benefits of ssh keys there is ssh-agent.

eval `ssh-agent`
ssh-add

…will spawn a key-agent in the background and add the identity of the private key you created in step one to that agent. now you can do just as you would without a password. for example:

remotely:
ssh jaroslav@tryggve uname -norp
host: tryggve.lan
tryggve 2.6.26-cpufreq AMD Athlon(tm) 64 Processor 3200+ GNU/Linux

locally:
$ uname -norp
raptor 2.6.29-cpufreq-video Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz GNU/Linux

this is swell and fine, but opening new terminals or even killing your x would cause you to lose the socket name of the agent unless you do something like

ssh-agent > .variables
source .variables

that would work even from a different terminal. this is actually how i did it for a while:
alias ssh-agent="ssh-agent > ~/.agent-ssh; source ~/.agent-ssh"

but that solution is flawed because old sessions of the agent are piling up and could pose a risk as well as … whatever.. it’s just not right.
thus i came up with

#
# the script is intended to be sourced from .bashrc
#
# it will start a new ssh-agent when you log in or connect you to the one
# already running. mind you if there are other ssh-agent(s) running for the
# current user with variables stored elsewhere than .ssh/vars.sh this script
# will do nothing to regain or remove them.
#
# original script found at http://www.nyetwork.org/wiki/SSH
# and as the author there says, it will not produce any output thus letting
# things like scp or rsync run smoothly
# latest version can be found here: http://genja.org/whatever/shellscripts/agent-ssh
#
# --jaroslav, genja.org
#
#
#
#
# rxvt rxvt-unicode woot

#
# leave unset if you wish to run ssh-add manually

ASK4PASS=yes

#Time format examples:
#
# 600 600 seconds (10 minutes)
# 10m 10 minutes
# 1h30m 1 hour 30 minutes (90 minutes)

SSH_AGENT_LIFE="-t 90m"

SSH_VARS=$HOME/.ssh/vars.sh

# everything below this line should work without intervention
#

#
# this ps line works with:
# Linux procps version 3.2.7 http://procps.sourceforge.net/
# other *nixes will need different ps arguments
# TODO make a case `uname` in Linux)PSARGS=lol;; *BSD)PSARGS=blol;; Darwin)PSARGS=dlol;; esac
case `uname` in
    Linux) psA='-a -o pid,args -p';;
    AIX) psA='-a -o pid,args -p';;
    SunOS) psA='dunno...';;
    *BSD) psA='axwwo pid,args';;
    Darwin) psA='dunno..';;
    CYGWIN_NT-5.1) psA='-e -f -a -p';;
esac

# source the variables file and find out whether ssh-agent is
# still running
#
[ -s "$SSH_VARS" ] && . "$SSH_VARS" >/dev/null && \
    RUNNING=`ps $psA $SSH_AGENT_PID | grep '[s]sh-agent'`

#
# do we have an agent?
#
#
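if [ "$SSH_AUTH_SOCK" == "" ] || [ ! -e "$SSH_AUTH_SOCK" ] \
    || [ ! -S "$SSH_AUTH_SOCK" ] || [ "$RUNNING" == "" ];
then
    # start a fresh agent, load its variables into this shell
    VAR=`ssh-agent 2>/dev/null`
    eval "$VAR" >/dev/null

    # and save them for the next shell
    echo "$VAR" > "$SSH_VARS"
fi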

# ask for pass-phrase on interactive shells
NOID="The agent has no identities."
if [ -n "$ASK4PASS" ]; then
    case "$-" in
        *i*) [ "$NOID" = "`ssh-add -l`" ] && ssh-add $SSH_AGENT_LIFE ;;
        *) ;; ## stay quiet
    esac
fi
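
an added example (not part of the original script and not from nyetwork.org): the same reconnect logic without sourcing the variables file and without ps, so the 'dunno' platforms are covered too. it relies on the exit status of ssh-add -l (0 = keys loaded, 1 = agent reachable but empty, 2 = no agent reachable). the names AGENT_VARS, SSH_ADD, load_agent_vars, agent_state and connect_agent are made up for this example, and socket paths containing spaces are assumed not to occur.

```sh
# Added example; AGENT_VARS, SSH_ADD and the function names are assumptions.
AGENT_VARS="${AGENT_VARS:-$HOME/.ssh/vars.sh}"
SSH_ADD="${SSH_ADD:-ssh-add}"   # overridable so the check can be run with a stub

# Read saved `ssh-agent -s` output WITHOUT sourcing it: pull out only the two
# expected values and reject anything that is not a plain path / number, so a
# tampered file cannot run commands in every new shell.
load_agent_vars() {
    [ -f "$1" ] && [ -O "$1" ] || return 1            # must exist and be ours
    _sock=$(sed -n 's/.*SSH_AUTH_SOCK=\([^; ]*\);.*/\1/p' "$1" | head -n 1)
    _pid=$(sed -n 's/.*SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$1" | head -n 1)
    case $_sock in /*) ;; *) return 1 ;; esac         # absolute path only
    case $_sock in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    case $_pid in ''|*[!0-9]*) return 1 ;; esac
    SSH_AUTH_SOCK=$_sock SSH_AGENT_PID=$_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Classify the agent behind $SSH_AUTH_SOCK by the exit status of `ssh-add -l`;
# no ps arguments per platform and no matching on the message text.
agent_state() {
    "$SSH_ADD" -l >/dev/null 2>&1 && _rc=0 || _rc=$?
    case $_rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo dead ;;
    esac
}

# Reuse the saved agent if it still answers, otherwise start a fresh one and
# save its variables with owner-only permissions. Produces no output.
connect_agent() {
    if load_agent_vars "$AGENT_VARS" && [ "$(agent_state)" != dead ]; then
        return 0
    fi
    ( umask 077; ssh-agent -s > "$AGENT_VARS" ) 2>/dev/null || return 1
    load_agent_vars "$AGENT_VARS"
}
```

call connect_agent from .bashrc; in interactive shells, run ssh-add -t 90m when agent_state prints "empty".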

for more information you could check out the following manuals:

$ apropos ^ssh[^d]
ssh (1) - OpenSSH SSH client (remote login program)
ssh-add (1) - adds RSA or DSA identities to the authentication agent
ssh-agent (1) - authentication agent
ssh-copy-id (1) - install your public key in a remote machine's authorized_keys
ssh-keygen (1) - authentication key generation, management and conversion
ssh-keyscan (1) - gather ssh public keys
ssh-keysign (8) - ssh helper program for host-based authentication
ssh_config (5) - OpenSSH SSH client configuration files

[WRITTEN] 09. Oct 2009 14:39 [CATEGORY] Uncategorized, geek
