by Devin Yang
(This article was automatically translated.)

Published - 7 years ago ( Updated - 7 years ago )

Programs in the ssh core suite such as scp, ssh, ssh-add, ssh-agent, sshd, and ssh-keygen
This article mainly briefly describes the usage scenarios of ssh-agent and ssh-add.

Before we start, let's take a brief introduction to the purpose of these instructions:
scp Secure Copy encrypts secure copies between hosts.
ssh The Secure Shell client is used to connect to the server to execute system commands, which can be regarded as encrypted telnet.
ssh-add Add key identification to authentication agents.
ssh-agent When performing public key authentication, the remote host can access and store your private key.
sshd By default it will listen to the Secure Shell server on port 22.
ssh-keygen The ssh key generator can generate public-private key pairs for public key verification of remote hosts.
Before we use ssh-add , let's take a look at the authentication agent (ssh-agent -- authentication agent), how to start him?
It's very simple, just enter the command ssh-agent on the command line.
ssh-agent
After completion, we can add the key to the ssh-agent (authentication agent) through the ssh-add command.
When no parameters are used, ssh-add will add ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/identity.
When the key has a password, it will ask to enter the password of the key. If multiple key files are provided, it will remember the last set of passwords entered .

Use one (memory password):
So we can add the password to ssh-agent through ssh-add to remember our key password,
In this way, we don't need to enter complex key passwords when we connect to the remote host.
We can use -K to memorize the password into the key ring. (The ssh-agent key will be forgotten after rebooting on Mac OS)

Purpose 2 (forwarding and verifying agent connection): Oh, it’s too classical, to put it bluntly, it is cross-host verification.

Client---->ServerA---->ServerB.

For example, Server A cannot log in to Server B, but our Client can log in to both A and B.
We can use ssh -A ServerA , because of the -A parameter, the forwarding function is enabled, so that we can connect to ServerA and then use our key to connect to ServerB through the forwarding agent.
We can view the public key added to ssh-agent through the following command ssh-add -L .

But it seems troublesome to enable this function every time, so we can also add it to our ssh configuration file.
~/.ssh/config
Host ServerA
HostName 35.194.181.21
ForwardAgent yes

Tags: linux security

Devin Yang

Feel free to ask me, if you don't get it.:)

No Comment

Post your comment

Login is required to leave comments

Similar Stories


linux,mac

Password Generator on MacOS or Linux

Sometimes we need to generate a random password, but do not know what to use? Here is a simple bash that allows us to easily generate a set of passwords on the terminal.

linux

Generate ssh key pair without password query

Sometimes it is necessary to generate an ssh key pair for automatic configuration. There is no password query in the command line, and an ssh key pair is generated.

linux,config

Ubuntu ppp0 renamed eth0

Not sure who will use it, but I encountered it myself, because my home is a floating IP. A software I installed cannot detect that the ppp0 network card is an external network, so changing the name can trick him into successfully installing it.