Custom Solution for Managing ssh-agent without Gnome Keyring

Tags: June 14, 2016 8:08 PM

Goal

How to enter the ssh private key password only once without having it managed by Gnome Keyring. The ssh agent should still be detected every time a new terminal is spawned, and even on a tty console (CTRL+ALT+F1 and so on).

Solutions

We will use ssh-add, ssh-agent and a little bit of shell scripting to achieve the goal.

Step 1

First, start the authentication agent and redirect its output to a file so that we can gather the agent information later.
$ ssh-agent -s > /tmp/my-ssh-agent.sh
Evaluate the file so that we have the correct environment variables needed by ssh-add.
$ eval "$(grep -v '^echo' /tmp/my-ssh-agent.sh)"
Now add our keys to the agent.
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/rio/.ssh/id_rsa:
Identity added: /home/rio/.ssh/id_rsa (/home/rio/.ssh/id_rsa)
Make sure the key is on the authentication agent list.
$ ssh-add -l
2048 aa:bb:cc:dd:ee:ff:00:11:22:33:ab:bc:cd:de:ef:11 /home/rio/.ssh/id_rsa (RSA)

Step 2

We need to modify ~/.bashrc so that every time a new bash session is opened it loads the authentication agent information saved in /tmp/my-ssh-agent.sh. Append these lines at the end of .bashrc:
# Include our custom SSH Agent if found
MY_SSH_AGENT=/tmp/my-ssh-agent.sh
if [ -f "$MY_SSH_AGENT" ]; then
    # Skip the "echo Agent pid ..." line and evaluate the variable assignments
    eval "$(grep -v '^echo' "$MY_SSH_AGENT")"
fi

Done. Try opening a new terminal session and running ssh-add -l; it will show the key that is already in the authentication agent. Every time you restart your computer you just need to run step 1 again to add your keys to the ssh authentication agent.

If you're paranoid you can use ssh-add -c ~/.ssh/id_rsa, so that each use of the key has to be confirmed; when the graphical confirmation window appears you just need to type "yes". See man ssh-add and ssh-askpass.
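A stricter variant of the Step 2 loader, added here as an example and not part of the original post: /tmp is writable by every local user and the .bashrc snippet evaluates whatever the file contains, so this version accepts the file only if you own it and nobody else can write it, reads just the two variables instead of running the file, and ignores a stale file whose agent socket is gone. The function names are hypothetical; the path is the one from Step 1.

```shell
# Added example: hardened loader for the agent file written in Step 1.
MY_SSH_AGENT=/tmp/my-ssh-agent.sh   # path used on this page

# Succeeds only if FILE is a regular file (not a symlink), owned by the
# current user, and not writable by group or others.
agent_file_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(command ls -ld "$1") in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
}

# Prints "SOCKET PID" taken from the two assignments ssh-agent -s emits.
# Everything else in the file is ignored, so nothing in it is executed.
parse_agent_file() {
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1)
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$1" | head -n 1)
    case $sock in
        /*) ;;                            # must be an absolute path
        *) return 1 ;;
    esac
    case $sock in
        *[!A-Za-z0-9/._-]*) return 1 ;;   # unexpected characters in path
    esac
    [ -n "$pid" ] || return 1
    printf '%s %s\n' "$sock" "$pid"
}

load_agent_env() {
    [ -e "$1" ] || return 1               # no agent started yet
    if ! agent_file_is_safe "$1"; then
        echo "ssh-agent file $1 has unsafe owner or mode, ignoring" >&2
        return 1
    fi
    parsed=$(parse_agent_file "$1") || return 1
    sock=${parsed% *}
    # The socket must exist and belong to us; a stale file fails here.
    [ -S "$sock" ] && [ -O "$sock" ] || return 1
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=${parsed#* }
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

load_agent_env "$MY_SSH_AGENT" || true
```

Creating the file in Step 1 under a restrictive umask (for example by running umask 077 first) keeps it unreadable to other users as well.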
