OpenBSD Journal

[developerWorks] OpenSSH key Management, Part 3

Contributed by Dengue on from the www.ibm.com/developerworks dept.

Maria writes :
"OpenSSH key management, Part 3
Take advantage of OpenSSH agent connection forwarding to enhance security, and see how popular keychain shell script has evolved. http://www-106.ibm.com/developerworks/linux/library/l-keyc3?Opent=grl,l=929,p=Kp3 "

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    Hmm,

    Running out of useful material? This article is bootylicious.

    The article is very regurgitated, and the mere fact it spans for more than 7 months in a 3-part series is just mind numbing considering the articles are devoid of any unique usefulness ( ssh-agent has been around since forever.. at least 5 or 6 years ).

    His keychain script is nothing more than a little front-end, which honestly I've never really seen the need for when dealing with ssh-agent, ssh-add, etc.

    Also, why does he use this in a windowed environment? The best way to use ssh-agent with any Window Manager, since we're talking about saving time and not invoking multiple ssh-agent processes for each shell, is to run ssh-agent when you invoke the Window Manager. One ssh-add and all the Window Manager child processes are ready to go for password-less login.

    I guess anyone can publish lame articles these days.


    *shrug*

    Comments
    1. By nulld () on

      the whole point is that ssh-keygain connects to a single, long-running ssh-agent session.

      you kind of missed the point.

      Comments
      1. By Gioffreus () on

        i used keychain for awhile before i really knew how to use ssh-agent to its fullest possible value... still, keychain was a good way to learn by example. it served as motivation for my taking the time to read all of the ssh-related man pages...

        so, i've come out ahead even though i do _not_ still use keychain. why don't i still use it? well, you can do the same thing with only ~10 lines in your ~/.{,z}profile instead of ~350 in keychain. also, keychain turns a relatively simple usage scenario into an overly complex one.

        so in the end, i am of the opinion that keychain is good and useful to a point... mostly as a tool for learning.

    2. By webmaster () dengue@deadly.org on file:/dev/null

      Especially if it's your website.

    3. By Gioffreus () on


      > Also, why does he use this in a windowed
      > environment? The best way to use ssh-agent
      > with any Window Manager, since we're talking
      > about saving time and not invoking multiple
      > ssh-agent processes for each shell, is to run
      > ssh-agent when you invoke the Window Manager.
      > One ssh-add and all the Window Manager child
      > processes are ready to go for password-less login.


      perhaps you do not understand that only _ONE_ `ssh-agent' process is invoked here. also, one `ssh-add'...

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]