by Devin Yang
(This article was automatically translated.)

Published - 7 years ago ( Updated - 7 years ago )

Programs in the ssh core suite such as scp, ssh, ssh-add, ssh-agent, sshd, and ssh-keygen
This article mainly briefly describes the usage scenarios of ssh-agent and ssh-add.

Before we start, let's take a brief introduction to the purpose of these instructions:
scp Secure Copy encrypts secure copies between hosts.
ssh The Secure Shell client is used to connect to the server to execute system commands, which can be regarded as encrypted telnet.
ssh-add Add key identification to authentication agents.
ssh-agent When performing public key authentication, the remote host can access and store your private key.
sshd By default it will listen to the Secure Shell server on port 22.
ssh-keygen The ssh key generator can generate public-private key pairs for public key verification of remote hosts.
Before we use ssh-add , let's take a look at the authentication agent (ssh-agent -- authentication agent), how to start him?
It's very simple, just enter the command ssh-agent on the command line.
ssh-agent
After completion, we can add the key to the ssh-agent (authentication agent) through the ssh-add command.
When no parameters are used, ssh-add will add ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/identity.
When the key has a password, it will ask to enter the password of the key. If multiple key files are provided, it will remember the last set of passwords entered .

Use one (memory password):
So we can add the password to ssh-agent through ssh-add to remember our key password,
In this way, we don't need to enter complex key passwords when we connect to the remote host.
We can use -K to memorize the password into the key ring. (The ssh-agent key will be forgotten after rebooting on Mac OS)

Purpose 2 (forwarding and verifying agent connection): Oh, it’s too classical, to put it bluntly, it is cross-host verification.

Client---->ServerA---->ServerB.

For example, Server A cannot log in to Server B, but our Client can log in to both A and B.
We can use ssh -A ServerA , because of the -A parameter, the forwarding function is enabled, so that we can connect to ServerA and then use our key to connect to ServerB through the forwarding agent.
We can view the public key added to ssh-agent through the following command ssh-add -L .

But it seems troublesome to enable this function every time, so we can also add it to our ssh configuration file.
~/.ssh/config
Host ServerA
HostName 35.194.181.21
ForwardAgent yes

Tags: linux security

Devin Yang

Feel free to ask me, if you don't get it.:)

No Comment

Post your comment

Login is required to leave comments

Similar Stories


linux

Generate ssh key pair without password query

Sometimes it is necessary to generate an ssh key pair for automatic configuration. There is no password query in the command line, and an ssh key pair is generated.

linux,macos

PS aux will you?

For Linux system administrators, you must understand the ps aux command. If you want to be a Linux system administrator, or you are a Linux user, you should understand this command. ps is process status For short, anyone can find out what kind of program is running on the system and how the status is executed through this command. I saw some programs that should not appear, maybe the system was hacked and used to mine🥹

linux

Load the environment variables of .env to the system

Load the environment variables of .env to the system