Mailing List Archive



Re: [tlug] ssh-agent not being magical enough



On Thu, May 26, 2011 at 12:43:31PM +0900, Darren Cook wrote:
> 
> But, now I want to do that deliberately on a remote server and it won't
> work! What I want is:
>   $ ssh first
>   [first]$ scp abc second:~
>    --> prompt for the key passphrase [2]
>   [first]$ scp abc second:~
>    --> used saved passphrase

You are looking into running ssh-agent on host 'first'; most people run
it on the original host from which they log onto 'first'.


> This isn't what happens - it asks for the passphrase each time I use
> scp. Whether I have started ssh-agent or not.
> 
> If I put this in .bash_profile on second:
>   eval `ssh-agent`
>   ssh-add ~/.ssh/testkey

You probably think of 'first' instead of 'second' here.

To get what you want in running ssh-agent on 'first' I would do this:

- use only 'eval `ssh-agent`' in this .bash_profile, giving you an empty
ssh-agent whenever logged in
- create a file like this on first:
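cat >~/autophrase <<'EOT'
#!/bin/bash
# Quoted 'EOT' above keeps $@ from being expanded while the file is written.

# ssh-add -l succeeds only if the agent already holds a key
if /usr/bin/ssh-add -l >/dev/null 2>&1; then
        # echo "key already in the agent"
        "$@"
else
        # echo "key not there"
        ssh-add
        "$@"
fi
EOT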
- make it executable 'chmod +x ~/autophrase'
- now in the future instead of 
	'scp abc second:~'
  use
	'~/autophrase scp abc second:~'
  which will ask you for the passphrase if the agent has not yet stored
  the key.



Further convenience:
- better use the original host for storing the key and running ssh-agent
  Add the key to the ssh-agent there right after login and use it as long
  as you are logged in for all remote computers.
- create an alias to simplify the command:
	alias ascp='/home/username/autophrase scp'


Christian
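
The wrapper above as a shell function, in a variant that tells apart the three `ssh-add -l` exit codes (0: keys loaded, 1: agent empty, 2: agent unreachable) and gives the key a lifetime with `ssh-add -t`, so it does not stay unlocked indefinitely on 'first'. This is an added example, not part of Christian's message; `SSH_ADD`, `KEY_LIFETIME` and `agent_state` are names assumed here.

```shell
# Added example: source this from ~/.bash_profile on 'first'.
# SSH_ADD and KEY_LIFETIME are assumed names; both can be overridden.
SSH_ADD=${SSH_ADD:-ssh-add}
KEY_LIFETIME=${KEY_LIFETIME:-3600}   # seconds the key stays in the agent

# agent_state: print "loaded", "empty" or "noagent" from ssh-add -l's status.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;    # agent holds at least one key
        1) echo empty ;;     # agent reachable, no identities
        *) echo noagent ;;   # cannot contact an agent (status 2)
    esac
}

# autophrase CMD [ARGS...]: make sure a key is loaded, then run CMD.
autophrase() {
    case $(agent_state) in
        loaded)
            ;;
        empty)
            # Prompt for the passphrase once; the key expires after KEY_LIFETIME.
            "$SSH_ADD" -t "$KEY_LIFETIME" || return 1
            ;;
        noagent)
            # Without an agent ssh-add has nowhere to store the key.
            echo 'autophrase: no ssh-agent reachable; run eval `ssh-agent` first' >&2
            return 2
            ;;
    esac
    "$@"
}
```

With this sourced, `autophrase scp abc second:~` prompts once and later calls reuse the key until it expires.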

