A related recent post by Tarek Ziade...
http://tarekziade.wordpress.com/2010/02/01/simple-command-line-vault-clvault/
Cheers,
Ric
On Feb 9, 2010, at 8:12 PM, Igal Koshevoy wrote:

Chris Pitzer talked about ssh-copy-id, you can find his notes online at:
http://blog.christopherpitzer.com/2010/ssh-copy-id/

I mentioned that it's possible to use a persistent program to load your
SSH keys, which will ask you to enter the passwords for your keys, and
then keep them loaded in memory so you don't have to keep re-entering
the key passwords.

"keychain" is a third-party program for use with OpenSSH to keep your
credentials in memory and accessible across logins, and continues to run
until the machine is shut down or the keychain or agents are deliberately
stopped. MacOS and some UNIX distros may provide a specialized way to do
this. Details on using the keychain program:
http://www.gentoo.org/proj/en/keychain/

Typical usage from a bash shell:

# Start the keychain and add your keys, which may ask for passwords -- I
# keep my keys in ~/.ssh and give them names ending with "_rsa" and "_dsa":
keychain ~/.ssh/*_{dsa,rsa}
# Load the credentials into a session (the file sourced is created by
# "keychain"):
. ~/.keychain/${HOSTNAME}-sh*
# You can combine these steps together by using a single bash function,
# that can start keychain if needed and load your credentials. You can run
# this function from .Xsession and again any time you need to load
# credentials from a session that's not managed by X (e.g., you SSH into a
# machine already running your keychain). Here's the function:
keychainize () { keychain ~/.ssh/*_{dsa,rsa}; . ~/.keychain/${HOSTNAME}-sh*; }

If you're looking for something more lightweight and standard, you can
use "ssh-agent", which is what "keychain" is providing a wrapper for.
"ssh-agent" is a program that comes with OpenSSH and keeps your
credentials in memory. It lets you enter the passwords for your SSH keys
once on startup and keep using the keys without passwords for the
duration of your session. For details read:
http://www.securityfocus.com/infocus/1812

Typical usage from a bash shell:

# Start the agent, it's not smart enough to realize one's already running
eval `ssh-agent`
# Add your keys to the agent, which may ask for passwords
ssh-add ~/.ssh/*_{dsa,rsa}
# See what keys you've got loaded, if curious
ssh-add -l
# Use your credentials without having to re-enter passwords
ssh myusern...@myhostname
-igal
_______________________________________________
Portland mailing list
[email protected]
http://mail.python.org/mailman/listinfo/portland
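
The quoted message notes that ssh-agent is "not smart enough to realize one's already running", which is the gap keychain fills. The sketch below is an added example, not part of the original thread and not keychain's own code: it reuses a reachable agent, falls back to saved agent variables, and only then starts a new one. The function names and the AGENT_ENV path are assumptions.

```bash
# Added example: reuse a running ssh-agent instead of starting one per shell.
# AGENT_ENV (assumed path) holds the variables printed by "ssh-agent -s".
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent-env}"

# ssh-add -l exits 0 (keys loaded), 1 (agent up, no keys) or
# 2 (no agent could be contacted); only 2 means "not reachable".
agent_reachable() {
    _rc=0
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -ne 2 ]
}

# Sets AGENT_STATE to "reused-session", "reused-saved" or "started".
ensure_agent() {
    # 1. The current session already points at a live agent.
    if agent_reachable; then AGENT_STATE=reused-session; return 0; fi

    # 2. Try the saved variables. Sourcing a file executes it, so only
    #    accept a regular file owned by the current user.
    if [ -f "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ]; then
        . "$AGENT_ENV"
        if agent_reachable; then AGENT_STATE=reused-saved; return 0; fi
    fi

    # 3. Missing or stale: start a new agent. Recreate the file under
    #    umask 077 so the socket path is readable only by the owner, and
    #    drop the trailing "echo Agent pid ..." line from the output.
    ( umask 077
      rm -f "$AGENT_ENV"
      ssh-agent -s | grep -v '^echo ' > "$AGENT_ENV" )
    . "$AGENT_ENV"
    AGENT_STATE=started
}
```

Call `ensure_agent` from a shell startup file, then run `ssh-add` on your keys when `ssh-add -l` reports none loaded.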