Wednesday, May 20, 2015

Understanding SSH agent

Assume the following:

  1. You're on host A.
  2. Your SSH public key exists on all hosts, but your private key exists only on A.
  3. You need to get to host C via SSH, key auth only.
  4. You can't ssh from A to C because there's a firewall in the way.
  5. Logically you could go A to B to C, but B doesn't have your private key.
  6. B is a shared computer.

The bad way:

  1. Put your ssh private key on B.
  2. Then ssh from A to B to C.

The correct way:

  1. Use ssh agent to cache your private key (and its passphrase).
  2. ssh from A to B to C.

How to use ssh agent:

  1. Write the following file to .sshenv in your home directory.
  2. Source it when you need to use ssh agent.
  3. ssh to B with ssh -A B (-A forwards your agent connection to B).
  4. From B, ssh to C; the forwarded agent authenticates you with your cached private key, which never leaves A.

 hoolio@macbook:~$ cat .sshenv
 SSH_ENV="$HOME/.ssh/environment"

 # Start a fresh agent, record its socket path and pid in $SSH_ENV, and
 # load the private key (this is where the passphrase is asked for).
 function start_agent {
    echo "Initialising new SSH agent..."
    # ssh-agent prints shell commands plus an "echo Agent pid N" line;
    # commenting out the echo keeps sourcing the file silent.
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add
 }

 # Source SSH settings, if applicable: reuse the agent recorded in
 # $SSH_ENV when it is still running, otherwise start a new one.
 if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    # ps ${SSH_AGENT_PID} doesn't work under cygwin
    ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
      start_agent
    }
 else
    start_agent
 fi
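The script above decides whether the recorded agent is still alive with `ps -ef | grep $SSH_AGENT_PID`, which also matches any process whose ps line merely contains those digits, and it chmods the environment file only after writing it. The following is an added example, not the post's .sshenv, that keeps the same reuse-or-start flow with stricter checks: the pid is tested directly, ps is asked about exactly that pid, the file must be owner-only, and keys are loaded only when `ssh-add -l` reports the agent is empty. It assumes ssh-agent's Bourne-shell output format (the one the post's sed filter relies on); the `agent_*` function names are this example's own. One caveat on step 3 of the procedure: while you are connected with -A, the forwarded socket on B can be used by anyone with root on B, so forward only to hosts you trust; on OpenSSH 7.3 and later, `ssh -J B C` reaches C through B without exposing the agent on B at all.

```shell
# Added example, not the post's .sshenv. Assumes ssh-agent's Bourne-shell
# output format, which the post's sed filter also relies on:
#   SSH_AUTH_SOCK=/path/to/agent.sock; export SSH_AUTH_SOCK;
#   SSH_AGENT_PID=1234; export SSH_AGENT_PID;
#   echo Agent pid 1234;

# Pull SSH_AUTH_SOCK and SSH_AGENT_PID out of an agent env file without
# sourcing it. Prints "<socket> <pid>"; fails if either value is missing.
agent_env_parse() {
    [ -r "$1" ] || return 1
    aep_sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1")
    aep_pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p' "$1")
    [ -n "$aep_sock" ] && [ -n "$aep_pid" ] || return 1
    printf '%s %s\n' "$aep_sock" "$aep_pid"
}

# The env file names the agent socket; it must be readable by the owner
# only (-rw-------), which is what the post's chmod 600 intends.
agent_env_mode_ok() {
    [ "$(ls -ld "$1" | cut -c2-10)" = "rw-------" ]
}

# Is the recorded pid still a live process? kill -0 sends no signal; it
# only reports whether the pid exists and we are allowed to signal it.
agent_pid_alive() {
    kill -0 "$1" 2>/dev/null
}

# Is that pid actually an ssh-agent? The post's `ps -ef | grep $PID` also
# matches any process whose ps line merely contains those digits (pid 12
# matches 1234, 5127, ...), so ask ps about exactly one pid instead.
# Without ps (some minimal systems) we can only fall back to the pid check.
agent_pid_is_agent() {
    command -v ps >/dev/null 2>&1 || return 0
    case "$(ps -o comm= -p "$1" 2>/dev/null)" in
        *ssh-agent*) return 0 ;;
        *)           return 1 ;;
    esac
}

# All checks together: 0 means the env file describes a reusable agent.
agent_env_ok() {
    aeo_parsed=$(agent_env_parse "$1") || return 1
    set -- "$1" $aeo_parsed          # $1 file, $2 socket path, $3 pid
    agent_env_mode_ok "$1" || return 1
    agent_pid_alive "$3"   || return 1
    agent_pid_is_agent "$3"
}

# Reuse the recorded agent when it passes the checks, else start a fresh
# one the way the post does (sed comments out the "echo Agent pid" line so
# sourcing stays silent). Keys are added only when ssh-add -l says the
# agent is empty (exit 1); exit 2 means nothing answers on the socket.
agent_start_or_reuse() {
    asr_env=${SSH_ENV:-$HOME/.ssh/environment}
    if ! agent_env_ok "$asr_env"; then
        # umask 077 in a subshell: the file is created 0600 from the start,
        # so there is no window between writing it and the chmod.
        ( umask 077; ssh-agent | sed 's/^echo/#echo/' > "$asr_env" ) || return 1
    fi
    . "$asr_env" >/dev/null
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) ;;                                   # keys already loaded
        1) ssh-add ;;                           # empty agent: load the key now
        *) echo "no ssh-agent answering at $SSH_AUTH_SOCK" >&2; return 1 ;;
    esac
}
```

Source the file and call `agent_start_or_reuse` where the post sources .sshenv; the individual `agent_*` checks can also be run by hand against `$HOME/.ssh/environment` to see why an old agent was not reused.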
