Using ssh-agent on a Server
My new favourite distro is Debian Squeeze. I use some installations as servers and virtual machines. They all share a surprising feature for a 3-year-old Linux Noob:
No GUI
No desktops, no menus, no windows and no mice, just sshd and the Bourne Again Shell. I’ve been struggling with git fetch/push on such machines for a while, having to add the passphrase of my private key every time. Until now, that is.
Basic command-line installations of Debian Squeeze don’t run ssh-agent automatically like the GUI versions of popular Linux distros. The setup is up to the user or sysadmin.
My solution provides the following features:
- ssh-agent runs on a per-user basis as a daemon (not per-system and not per-session)
- user enters passphrases once per power-cycle of the machine (not once per login)
The solution is implemented in /etc/profile:
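    # SSH Agent: one agent per user, reached through a fixed socket path
    export SSH_AUTH_SOCK=~/.ssh/.ssh-socket
    echo --- LIST ADDED KEYS ---
    ssh-add -l
    # Exit status 2 means ssh-add could not contact an agent, so start one
    if [ $? = 2 ]; then
        echo --- ADD KEYS ---
        # Remove leftovers from a previous agent
        rm -f ~/.ssh/.ssh-{socket,agent-pid,script}
        # Start the agent on the fixed socket and save the commands it prints
        ssh-agent -a "$SSH_AUTH_SOCK" 2>/dev/null >~/.ssh/.ssh-script
        . ~/.ssh/.ssh-script >/dev/null
        echo "$SSH_AGENT_PID" >~/.ssh/.ssh-agent-pid
        # Prompts for the passphrase and loads the key
        ssh-add .ssh*/id_rsa
    fi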
Keeping keys loaded in ssh-agent forever on a server might be a security risk, but defining a timeout is also possible. The example below sets a lifetime long enough for a workday (8 hours, i.e. 28800 seconds):
    ssh-add -t 28800 .ssh*/id_rsa
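Once a timeout is used, the agent keeps running after the keys expire, and ssh-add -l then exits with status 1 (agent reachable, no identities) instead of 2, so a check for status 2 alone never prompts again. The following is an added example, not the original author's code, that handles both cases and refuses to use a socket directory that is open to other users; the function names, the key path ~/.ssh/id_rsa and the variable names are assumptions.

```shell
# Added example; paths and names below are assumptions, adjust to your setup.
AGENT_SOCK="$HOME/.ssh/.ssh-socket"   # fixed per-user socket path
KEY_FILE="$HOME/.ssh/id_rsa"          # assumed key location
KEY_LIFETIME=28800                    # 8 hours, in seconds

# Map the exit status of `ssh-add -l` to the action needed:
# 0 = agent holds keys, 1 = agent reachable but empty, 2 = agent unreachable.
agent_action() {
    case "$1" in
        0) echo none ;;
        1) echo add-keys ;;
        2) echo start-agent ;;
        *) echo unknown ;;
    esac
}

# True only if the directory is owned by us and closed to group and others.
dir_is_private() {
    [ -d "$1" ] && [ -O "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

ensure_agent() {
    sock_dir=$(dirname "$AGENT_SOCK")
    if ! dir_is_private "$sock_dir"; then
        echo "refusing: $sock_dir must be owned by you with mode 700" >&2
        return 1
    fi
    SSH_AUTH_SOCK="$AGENT_SOCK"; export SSH_AUTH_SOCK
    ssh-add -l >/dev/null 2>&1
    rc=$?
    case "$(agent_action "$rc")" in
        none) return 0 ;;
        start-agent)
            rm -f "$AGENT_SOCK"                    # stale socket from a dead agent
            eval "$(ssh-agent -s -a "$AGENT_SOCK")" >/dev/null
            ssh-add -t "$KEY_LIFETIME" "$KEY_FILE" ;;
        add-keys)                                  # keys expired, agent still alive
            ssh-add -t "$KEY_LIFETIME" "$KEY_FILE" ;;
        *) echo "ssh-add -l returned unexpected status $rc" >&2; return 1 ;;
    esac
}
```

Call ensure_agent at the end of the profile script to run the check at login.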