However, for security reasons it is strongly recommended to set a password on the key file. Otherwise anyone who manages to steal your key (for example by physically accessing your computer) can steal your identity. But if your key file has a password, you would have to type the password each time, so it wouldn't be much better than using passwords instead of keys in the first place. Luckily there is a solution: ssh-agent and ssh-add. ssh-agent runs as a daemon and remembers the password to your key. ssh-add allows you to tell ssh-agent the password.
As ssh-agent keeps running when you log off your session, you may add some lines to your shell startup script to test whether ssh-agent is running and, if it is not, to start it and ask you for the password (via ssh-add). In the GitHub guides there is a script for bash. I adapted it for tcsh, which I use as a shell. Here it is (I added these lines at the bottom of my .tcshrc file, but *before* setting the prompt explicitly, as I use the prompt to distinguish interactive sessions from non-interactive ones):
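    # start ssh agent if not started yet
    set SSH_ENV = "$HOME/.ssh/environment"
    unset SSH_AGENT_RUNNING
    # reuse the agent recorded by an earlier session, if its PID is still alive
    if (-f $SSH_ENV) then
        source $SSH_ENV
        ps $SSH_AGENT_PID > /dev/null && set SSH_AGENT_RUNNING
    endif
    # $?prompt is only set in interactive shells
    if ($?prompt && ! $?SSH_AGENT_RUNNING) then
        echo "Initializing SSH agent..."
        # -c forces csh-style (setenv) output regardless of $SHELL;
        # sed comments out the "echo Agent pid ..." line before saving
        /usr/bin/ssh-agent -c | sed 's/^echo/#echo/' >! $SSH_ENV
        chmod 600 $SSH_ENV
        source $SSH_ENV
        echo "done: ssh-agent is now running, PID $SSH_AGENT_PID"
        # prompt for the key password and hand the key to the agent
        /usr/bin/ssh-add
    endif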
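For sh-compatible shells, the same startup logic can ask the agent itself instead of looking up a PID: `ssh-add -l` exits 0 when keys are loaded, 1 when the agent holds none, and 2 when no agent can be contacted. This is an added example, not the script from the post or from the GitHub guide, and it goes beyond the post by covering the case of a running agent with no key; `SSH_ADD_BIN` and `SSH_AGENT_BIN` are hypothetical override variables introduced here.

```shell
#!/bin/sh
# Added example: start-or-reuse ssh-agent for sh-compatible shells.
# SSH_ENV is the same file the post uses; SSH_ADD_BIN / SSH_AGENT_BIN are
# hypothetical hooks so the binaries can be swapped out (e.g. for testing).
SSH_ENV="${SSH_ENV:-$HOME/.ssh/environment}"
SSH_ADD_BIN="${SSH_ADD_BIN:-ssh-add}"
SSH_AGENT_BIN="${SSH_AGENT_BIN:-ssh-agent}"

# Print "loaded", "empty" or "unreachable" from the exit status of ssh-add -l:
# 0 = agent holds keys, 1 = agent reachable but empty, 2 = no agent contacted.
agent_state() {
    rc=0
    "$SSH_ADD_BIN" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Reuse the saved agent if it answers, otherwise start one; prints final state.
ensure_agent() {
    if [ -f "$SSH_ENV" ]; then
        . "$SSH_ENV" >/dev/null
    fi
    state=$(agent_state)
    if [ "$state" = unreachable ]; then
        # umask 077 creates the file owner-only from the start, so there is
        # no window between writing it and a later chmod 600.
        ( umask 077
          "$SSH_AGENT_BIN" -s | sed 's/^echo/#echo/' > "$SSH_ENV" )
        . "$SSH_ENV" >/dev/null
        state=$(agent_state)
    fi
    # Prompt for the key password only when the agent is up but holds no key.
    if [ "$state" = empty ]; then
        "$SSH_ADD_BIN" || true
    fi
    agent_state
}

# Run only in interactive shells, like the $?prompt test in the tcsh version.
case $- in
    *i*) ensure_agent >/dev/null ;;
esac
```

Unlike a PID lookup, this check cannot be fooled by an unrelated process that has reused the old agent's PID, because it talks to the socket named in `SSH_AUTH_SOCK`.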