{"id":5857,"date":"2018-10-11T21:35:00","date_gmt":"2018-10-11T19:35:00","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=5857"},"modified":"2022-01-20T21:16:07","modified_gmt":"2022-01-20T20:16:07","slug":"linux-using-ssh-agent","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/linux-using-ssh-agent\/","title":{"rendered":"Linux: Using ssh-agent"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_5857 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_5857')){$('.twoclick_social_bookmarks_post_5857').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"Linux%3A%20Using%20ssh-agent\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Aif%20you%20do%20not%20always%20want%20to%20enter%20your%20private%20key%20password%2Fpassphrase%20when%20using%20certificate%20based%20ssh%20or%20scp%20connections%20then%20ssh-agent%20is%20your%20friend%20%3A-%29%20.%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/linux-using-ssh-agent\\\/\",\"post_id\":5857,\"post_title_referrer_track\":\"Linux%3A+Using+ssh-agent\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>if you do not always want to enter your private key password\/passphrase when using certificate based ssh or scp connections then ssh-agent is your friend \ud83d\ude42 .<br \/>\n<!--more--><\/p>\n<p>When ssh-agent starts it creates a UNIX socket to which ssh or scp connects to. <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# ssh-agent\r\nSSH_AUTH_SOCK=\/tmp\/ssh-xpu8YEvBmBKf\/agent.537; export SSH_AUTH_SOCK;\r\nSSH_AGENT_PID=538; export SSH_AGENT_PID;\r\n<\/pre>\n<p>ssh-agent writes two lines with environment variables which must be set so that ssh or scp can use it. ssh-agent cannot set the environment variables directly because it cannot set variables in its parent process (bash). <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# SSH_AUTH_SOCK=\/tmp\/ssh-xpu8YEvBmBKf\/agent.537\r\nmichael@debdev:~# export SSH_AUTH_SOCK\r\nmichael@debdev:~# SSH_AGENT_PID=538\r\nmichael@debdev:~# export SSH_AGENT_PID\r\n<\/pre>\n<p>But there is also a shorter way. eval executes its 1st argument in the shells context. The command executed inside of the backticks `ssh-agent` tells the shell to take the output of the command an use it as a command line(s).<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# eval `ssh-agent`\r\nAgent pid 538\r\nmichael@debdev:~# set | grep SSH\r\nSSH_AGENT_PID=538\r\nSSH_AUTH_SOCK=\/tmp\/ssh-xpu8YEvBmBKf\/agent.537\r\n<\/pre>\n<p>Ok ssh-agent is running now. Now you have to add a ssh private key.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# ssh-add .ssh\/id_rsa\r\nEnter passphrase for .ssh\/id_rsa:\r\nIdentity added: .ssh\/id_rsa (rsa-key-Michael-20180820)\r\n<\/pre>\n<p>If your key uses the default name id_rsa you can omit the parameter<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# ssh-add\r\nEnter passphrase for \/home\/michael\/.ssh\/id_rsa:\r\nIdentity added: \/home\/michael\/.ssh\/id_rsa (rsa-key-Michael-20180820)\r\n<\/pre>\n<p>Check it<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# ssh debdev2 \r\nLinux debdev 4.9.0-7-686 #1 SMP Debian 4.9.110-3+deb9u2 (2018-08-13) i686\r\n...\r\n<\/pre>\n<p>Your ssh-agent can also forwarded through a ssh connection to the connected machine and you can use it there too. Start the ssh session with -A <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev:~# ssh -A debdev2 \r\nLinux debdev 4.9.0-7-686 #1 SMP Debian 4.9.110-3+deb9u2 (2018-08-13) i686\r\n...\r\nmichael@debdev2:~# ssh debdev3\r\n....\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, if you do not always want to enter your private key password\/passphrase when using certificate based ssh or scp connections then ssh-agent is your friend \ud83d\ude42 .<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[1255,224,1254,92,1252,194,1253],"class_list":["post-5857","post","type-post","status-publish","format-standard","hentry","category-linux","tag-certifiacte","tag-linux-2","tag-passphrase","tag-password","tag-private-key","tag-ssh","tag-without"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=5857"}],"version-history":[{"count":5,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5857\/revisions"}],"predecessor-version":[{"id":5863,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5857\/revisions\/5863"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=5857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=5857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=5857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}