by Devin Yang
(This article was automatically translated.)

Published - 7 years ago ( Updated - 7 years ago )

Programs in the ssh core suite such as scp, ssh, ssh-add, ssh-agent, sshd, and ssh-keygen
This article mainly briefly describes the usage scenarios of ssh-agent and ssh-add.

Before we start, let's take a brief introduction to the purpose of these instructions:
scp Secure Copy encrypts secure copies between hosts.
ssh The Secure Shell client is used to connect to the server to execute system commands, which can be regarded as encrypted telnet.
ssh-add Add key identification to authentication agents.
ssh-agent When performing public key authentication, the remote host can access and store your private key.
sshd By default it will listen to the Secure Shell server on port 22.
ssh-keygen The ssh key generator can generate public-private key pairs for public key verification of remote hosts.
Before we use ssh-add , let's take a look at the authentication agent (ssh-agent -- authentication agent), how to start him?
It's very simple, just enter the command ssh-agent on the command line.
ssh-agent
After completion, we can add the key to the ssh-agent (authentication agent) through the ssh-add command.
When no parameters are used, ssh-add will add ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/identity.
When the key has a password, it will ask to enter the password of the key. If multiple key files are provided, it will remember the last set of passwords entered .

Use one (memory password):
So we can add the password to ssh-agent through ssh-add to remember our key password,
In this way, we don't need to enter complex key passwords when we connect to the remote host.
We can use -K to memorize the password into the key ring. (The ssh-agent key will be forgotten after rebooting on Mac OS)

Purpose 2 (forwarding and verifying agent connection): Oh, it’s too classical, to put it bluntly, it is cross-host verification.

Client---->ServerA---->ServerB.

For example, Server A cannot log in to Server B, but our Client can log in to both A and B.
We can use ssh -A ServerA , because of the -A parameter, the forwarding function is enabled, so that we can connect to ServerA and then use our key to connect to ServerB through the forwarding agent.
We can view the public key added to ssh-agent through the following command ssh-add -L .

But it seems troublesome to enable this function every time, so we can also add it to our ssh configuration file.
~/.ssh/config
Host ServerA
HostName 35.194.181.21
ForwardAgent yes

Tags: linux security

Devin Yang

Feel free to ask me, if you don't get it.:)

No Comment

Post your comment

Login is required to leave comments

Similar Stories


linux, centos, rsnapshot

How to install rsnapshot on CentOS 7

rsnapshot is a rsync-based tool that can perform snapshot incremental backups. However, we installed which rsnapshot in CentOS. Why is there no such command? There is no way to install it with yum install rsnapshot?

linux

About setfacl

I think most of the current Linux supports Access Control List (ACL). With filesystem ACLs enabled, We can set additional permissions to different users or groups. This allows us to set the file system permissions of different users more freely. Go straight to the command.

linux

How to create an ssh key so that your computer can connect to the instance of GCE

Recently, I just started using Google's GCE, and I will record the official Goolge documentation on how to generate a key for the instance to use. The -C comment here will use the name of the logged-in user, and the -t will use rsa.