public:ssh-usage-linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revisionBoth sides next revision
public:ssh-usage-linux [2009-10-01 08:06] – created Adriaan Rentingpublic:ssh-usage-linux [2009-10-01 08:08] Adriaan Renting
Line 1: Line 1:
  
-Note that the permissions on the socket file prevent people from accessing your agent - but on a regular Unix system the 'root' user can override these restrictions. Hence, 'root' can set ''SSH_AUTH_SOCK'' to your socket and use ''ssh-add'' to list/add/delete your keys. He can also log in on all of your systems without having to use a password. **Be warned.** +====== Advanced Linux tricks for ss-agent ====== 
  
-=== Persistent agent ===+===== Persistent agent =====
 In theory, you only need to start up the agent once on the host you use to connect to other systems (e.g. your laptop) and be done with it; all requests from all your shells may be handled by the very same agent. However, this requires the proper setting of the environmental variables. Alas, there is no simple way to find out which socket an agent uses. But a little script magic will do the trick. If you use ''bash'' you can copy the following code into your ''.bashrc'' to re-use your running agent: In theory, you only need to start up the agent once on the host you use to connect to other systems (e.g. your laptop) and be done with it; all requests from all your shells may be handled by the very same agent. However, this requires the proper setting of the environmental variables. Alas, there is no simple way to find out which socket an agent uses. But a little script magic will do the trick. If you use ''bash'' you can copy the following code into your ''.bashrc'' to re-use your running agent:
  
Line 84: Line 85:
  
 Note that it is possible to FORCE the name of the socket which ''ssh-agent'' will use by specifying the ''-a'' flag. Hence, you might also consider putting the socket for your agent in your ''HOME'' directory. You could simplify the script accordingly. Note that it is possible to FORCE the name of the socket which ''ssh-agent'' will use by specifying the ''-a'' flag. Hence, you might also consider putting the socket for your agent in your ''HOME'' directory. You could simplify the script accordingly.
 +
 +===== Note of caution on it's usage =====
 +
 +Note that the permissions on the socket file prevent people from accessing your agent - but on a regular Unix system the 'root' user can override these restrictions. Hence, 'root' can set ''SSH_AUTH_SOCK'' to your socket and use ''ssh-add'' to list/add/delete your keys. He can also log in on all of your systems without having to use a password. **Be warned.** 
 +
 +
  • Last modified: 2017-03-08 15:27
  • by 127.0.0.1