Using ssh-agent on a Server

April 25th, 2012 subogero

My new favourite distro is Debian Squeeze. I use some installations as servers and virtual machines. They all share a surprising feature for a 3-year-old Linux Noob:

No GUI

No desktops, no menus, no windows and no mice, just sshd and the Bourne Again Shell. I’ve been struggling with git fetch/push on such machines for a while, having to add the passphrase of my private key every time. Until now, that is.

Basic command-line installations of Debian Squeeze don’t run ssh-agent automatically like the GUI versions of popular Linux distros. The setup is up to the user or sysadmin.

My solution provides the following features:

  • ssh-agent runs on a per-user basis as a daemon (not per-system and not per-session)
  • the user enters passphrases once per power cycle of the machine (not once per login)

The solution is implemented in /etc/profile:

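# SSH Agent: one agent per user, reachable through a fixed socket path
export SSH_AUTH_SOCK=~/.ssh/.ssh-socket
echo --- LIST ADDED KEYS ---
ssh-add -l
# ssh-add -l exits with status 2 when it cannot contact an agent
if [ $? = 2 ]; then
 echo --- ADD KEYS ---
 # Remove leftovers of a dead agent. The files are listed one by one
 # because /etc/profile may be read by a shell without brace expansion.
 rm -f ~/.ssh/.ssh-socket ~/.ssh/.ssh-agent-pid ~/.ssh/.ssh-script
 # Start the agent on the fixed socket and save the variables it prints
 ssh-agent -a "$SSH_AUTH_SOCK" 2>/dev/null >~/.ssh/.ssh-script
 . ~/.ssh/.ssh-script >/dev/null
 echo "$SSH_AGENT_PID" >~/.ssh/.ssh-agent-pid
 # Anchor the key path at the home directory instead of the current one
 ssh-add ~/.ssh*/id_rsa
fi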

Adding keys to ssh-agent forever on a server might be a security risk, but defining a timeout is also possible. The example below sets one long enough for a workday (8 hours):

ssh-add -t 28800 ~/.ssh*/id_rsa
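
The /etc/profile snippet above reacts only to exit status 2 of ssh-add -l, so once a key added with -t has expired the agent is still running, the status is 1 and nothing re-adds the key. The following is an added example, not the author's code, that handles all three states with the post's socket path and 28800-second timeout; SSH_ADD, KEY_LIFETIME and the function names are assumptions made here.

```shell
# Added example. SSH_ADD, KEY_LIFETIME and all function names are made up here.
SSH_ADD=${SSH_ADD:-ssh-add}          # overridable, so a stub can stand in for ssh-add
KEY_LIFETIME=${KEY_LIFETIME:-28800}  # seconds; the 8-hour timeout from the post

# Translate the exit status of "ssh-add -l" into a state name:
# 0 = agent holds keys, 1 = agent reachable but empty, 2 = no agent reachable.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        2) echo absent ;;
        *) echo unknown ;;   # e.g. 127 when ssh-add is not installed
    esac
}

# Decide what the login snippet has to do in each state.
agent_action() {
    case $1 in
        loaded) echo none ;;
        empty)  echo add-keys ;;      # keys timed out: reuse the running agent
        absent) echo start-agent ;;   # after a reboot or a killed agent
        *)      echo skip ;;          # never start agents on an unknown status
    esac
}

ensure_agent_keys() {
    export SSH_AUTH_SOCK="$HOME/.ssh/.ssh-socket"
    action=$(agent_action "$(agent_state)")
    if [ "$action" = start-agent ]; then
        rm -f "$SSH_AUTH_SOCK"                       # stale socket of a dead agent
        eval "$(ssh-agent -a "$SSH_AUTH_SOCK")" >/dev/null
        action=add-keys
    fi
    if [ "$action" = add-keys ]; then
        "$SSH_ADD" -t "$KEY_LIFETIME" "$HOME"/.ssh*/id_rsa
    fi
}

# Prompt for passphrases only when a human is at the terminal.
case $- in *i*) ensure_agent_keys ;; esac
```

Because the agent is reused in the "empty" state, an expired key costs one passphrase prompt at the next login instead of leaving a second agent behind.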