@almoore
Created October 21, 2019 20:54
SSH Agent and Forwarding

SSH Agent

We already know how to use keys to connect over Secure Shell, but there is an issue: the private key has to be unlocked with its secret passphrase on each connection.

To avoid this, we use ssh-agent, a program that runs in the background and stores your keys in memory.

Enable ssh-agent

# start the ssh-agent in the background
$ eval "$(ssh-agent -s)"
Agent pid 69599

Add the SSH key to the ssh-agent

$ ssh-add ~/.ssh/id_rsa

Setting up SSH agent forwarding

Remember that our key must already be associated with the remote side, such as a GitHub repo or an SSH host.

So, let's configure:

Create or open the file at ~/.ssh/config and enter the following text, replacing myhost.com with our server's domain name or IP:

Host myhost.com
  ForwardAgent yes

This can also be done from the command line, if we don't want to create a config file, by passing the -A flag to the ssh command.

ssh -A user@myhost.com 
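
A forwarded agent can be used by anyone on the remote host who is able to access its socket, so it is worth checking which blocks of ~/.ssh/config turn ForwardAgent on and how broad their host patterns are. The script below is an added example, not part of the original gist; audit_forward_agent and sample_config are hypothetical names, and the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): report which blocks of an ssh_config
# file turn on agent forwarding, and how widely each one applies.

# audit_forward_agent FILE  ->  one line per finding: "<KIND> <block>"
#   SCOPED   = Host block with literal host names only
#   WILDCARD = global section, or a Host pattern containing * or ?
#   REVIEW   = Match block (conditions need a manual look)
audit_forward_agent() {
  awk '
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (line == "" || line ~ /^#/) next
      # Accept both "Keyword value" and "Keyword=value"; keywords ignore case.
      key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
      val = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
    }
    key == "host"  { block = val; kind = (val ~ /[*?]/) ? "WILDCARD" : "SCOPED"; next }
    key == "match" { block = "Match " val; kind = "REVIEW"; next }
    key == "forwardagent" && tolower(val) == "yes" {
      if (block == "") print "WILDCARD (global)"
      else print kind, block
    }
  ' "$1"
}

# Constructed sample; myhost.com is the placeholder host used on this page.
sample_config() {
  cat <<'EOF'
Host myhost.com
  ForwardAgent yes

Host *.internal bastion
  forwardagent=yes

Host *
  ForwardAgent no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_forward_agent "$tmp"
rm -f "$tmp"
```

Run it against your own file with `audit_forward_agent ~/.ssh/config`; quoted values and Include directives are not followed by this sketch.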

Enabling SSH Agent To Launch On Demand

Mac OS X modifies SSH agent so that it is started on demand by the Mac OS X launchd service (i.e. it is launched on first use). This is important only if you're on Mac OS X Leopard 10.5.1 or below. If you're on anything newer, you may no longer need to do this, so feel free to skip this step if the agent is already running on startup.

To enable SSH agent starting automatically on demand (this happens by integrating SSH agent with launchd) you need to open a terminal and run:

$ sudo touch /var/db/useLS

Storing Passphrases in the Keychain

To store the passphrase for your default key in the Keychain, open a Terminal and run:

$ ssh-add -K

And to store the passphrase for a different key run:

$ ssh-add -K /path/to/private/key/file

When prompted for your passphrase, enter it, and that is it.

You will never need to run ssh-add or enter your passphrase again.

Using SSH Public Key access

As we know, if we connect to a server using basic SSH, it prompts us interactively for the password. To avoid the server prompting for a password each time we connect, we create a pair of public and private keys.

Start key generation program

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key(/home/johndoe/.ssh/id_rsa): 

You should enter the path of the file that will hold the key; the default is id_rsa in your .ssh directory.

This will create two files, a private key, and a public one. The public key will have .pub appended to its name.

Add the public key to access remote host

We need to add our public key (id_rsa.pub) on our remote host; the path is $HOME/.ssh/authorized_keys

Connecting through SSH using our keys

ssh -i ~/.ssh/id_rsa user@our_host_ip