Caching Keys with ssh-agent

To avoid having to enter the passphrase for your private key all the time, you can use ssh-agent. This useful program caches keys for a given shell environment. After starting ssh-agent for a given shell, you need to add the passphrase for the private key you want to use. This is done per shell, so after you close that shell or start another one, you need to add the passphrase again in the new shell.

After adding a passphrase to ssh-agent, the passphrase is stored in RAM. It is stored in such a way that other users cannot access it; only the user who added the key to RAM is able to read it from there. Also, ssh-agent listens only to the ssh and scp processes that were started locally, so there is no way to access a key that is kept by ssh-agent over the network. So, you can be sure that using ssh-agent is pretty secure. Apart from being secure, it is pretty easy to do as well. Enabling ssh-agent and adding a passphrase to it is just a simple two-step procedure:

1. From the shell prompt, use ssh-agent, followed by the name of the shell you want to use it for. For example, use ssh-agent /bin/bash to activate ssh-agent for the bash shell.

2. Now type ssh-add. This will prompt you for the passphrase of your current private key. As a result, you'll see the message Identity added, followed by the private key whose passphrase was added to ssh-agent.
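The two steps above as a non-interactive script, showing that the cached key exists only in the shell where it was added and that the agent socket is closed to other users. This is an added example, not code from the original text. It assumes the OpenSSH client tools, uses /bin/sh in place of /bin/bash, a throwaway key with an empty passphrase so that ssh-add does not prompt, and the hypothetical names in_agent_shell, agent_demo and DEMO_KEY.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes OpenSSH client tools.
# The throwaway key has an empty passphrase so ssh-add does not prompt;
# with a real key, ssh-add asks for the passphrase as described in step 2.

# Step 1 in script form: ssh-agent starts a shell as its child and sets
# SSH_AUTH_SOCK and SSH_AGENT_PID for that shell only.
#   $1 = agent socket path (-a pins it inside our scratch directory)
#   $2 = commands to run in the agent-enabled shell
in_agent_shell() {
    ssh-agent -a "$1" /bin/sh -c "$2
ssh-agent -k >/dev/null"    # stop this agent right away on the way out
}

agent_demo() {
    demo_dir=$(mktemp -d) || return 1
    DEMO_KEY="$demo_dir/id_demo"; export DEMO_KEY
    ssh-keygen -q -t ed25519 -N '' -C demo-key -f "$DEMO_KEY" || return 1

    # Shell A: step 2 (ssh-add reports "Identity added: ..." on stderr),
    # then count the cached key and show the socket's group/other mode bits.
    in_agent_shell "$demo_dir/a.sock" '
        ssh-add "$DEMO_KEY"
        echo "A:cached=$(ssh-add -l | grep -c demo-key)"
        echo "A:socket_group_other=$(ls -ld "$SSH_AUTH_SOCK" | cut -c5-10)"'

    # Shell B: a different shell with its own agent starts out empty, so
    # the key would have to be added again there.
    in_agent_shell "$demo_dir/b.sock" '
        echo "B:cached=$(ssh-add -l | grep -c demo-key)"'

    rm -rf "$demo_dir"
}
```

Calling agent_demo prints A:cached=1, A:socket_group_other=------ and B:cached=0: the key is listed only in the shell where ssh-add was run, and the agent socket grants no permissions to group or other users.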

Tip: SSH is a great method to get access to other hosts. But did you know you can also use it to mount a file system on a remote system? All modern versions of SSH support this feature: just use sshfs, which gives access to all files and directories on the remote server that you can access as a normal user on that server. If you know how to mount a directory with mount, working with sshfs is easy; for example, the command sshfs [email protected]:/data /mnt/AMS would give access to the /data directory on the remote server and connect that directory to /mnt/AMS on the local server.
