Security: Ssh-agent

(last edit: 2000-11-22)

This agent stores your passphrase for as long as ssh-agent is running.

From the prompt type:

    user@host:~# ssh-agent startx

From X type:

    user@host:~# ssh-add

Ssh-add will ask you for your passphrase when your identity file requires one.

From the FreeBSD 3.4 manual:

Ssh-agent is a program to hold authentication private keys. The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as children of the ssh-agent program (the command normally starts X or is the user shell). Programs started under the agent inherit a connection to the agent, and the agent is automatically used for RSA authentication when logging to other machines using ssh.

[...]

The agent initially does not have any private keys. Keys are added using ssh-add. When executed without arguments, ssh-add adds the $HOME/.ssh/identity file. If the identity has a passphrase, ssh-add asks for the passphrase (using a small X11 application if running under X11, or from the terminal if running without X). It then sends the identity to the agent. Several identities can be stored in the agent; the agent can automatically use any of these identities. Ssh-add -l displays the identities currently held by the agent.

[...]

The idea is that the agent is run in the user's local PC, laptop, or terminal. Authentication data need not be stored on any other machine, and authentication passphrases never go over the network. However, the connection to the agent is forwarded over ssh remote logins, and the user can thus use the privileges given by the identities anywhere in the network in a secure way.
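
The manual text above says that programs started under the agent inherit a connection to it and that ssh-add -l shows what it holds. The following added example (not part of the original page or the manual) checks both from a shell; it assumes a current OpenSSH, where the inherited connection is the SSH_AUTH_SOCK variable and ssh-add -l exits 0, 1 or 2, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes OpenSSH: the agent exports SSH_AUTH_SOCK to its children, and
# `ssh-add -l` exits 0 (identities held), 1 (none held), 2 (agent unreachable).

# Print one word describing the agent connection this shell inherited.
agent_state() {
    # Variable absent: this shell was not started as a child of ssh-agent.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent"; return 0
    fi
    # Variable set but not a socket: the agent exited, the environment is stale.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"; return 0
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "ssh-add-missing"; return 0
    fi
    # Capture the exit code without tripping `set -e` in a calling script.
    ssh-add -l >/dev/null 2>&1 && rc=0 || rc=$?
    case "$rc" in
        0) echo "loaded" ;;
        1) echo "empty" ;;
        *) echo "unreachable" ;;
    esac
}

# Add the default identity only when an agent is reachable and holds no keys.
# ssh-add prompts for the passphrase if the identity file requires one.
ensure_identity() {
    state=$(agent_state)
    case "$state" in
        loaded) return 0 ;;
        empty)  ssh-add ;;
        *)      echo "agent not usable: $state" >&2; return 1 ;;
    esac
}

# Typical use in a login script:
#   ensure_identity && ssh user@host
```

A result of "no-agent" in a window that should have been started under ssh-agent means the window was not launched as a child of the agent, so ssh will fall back to prompting for the passphrase.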
