10.5: Use public keys with SSH in 10.5
The difference is that the 10.5 version of "ssh" now runs a process called "ssh-agent" in the background. This process CAN, but doesn't necessarily have to, hold the actual secret keys used to authenticate to the remote servers.

If you want the agent to hold your secret key (which means you won't have to type a password OR a passphrase to access remote servers) you can run "ssh-add" in a terminal window. It will ask you for the passphrase for the key, and then add the key to the agent. Once this is done, whenever you connect to a server, the agent uses the key (now in memory) to automatically answer the server's challenges.

If the agent doesn't have the key in memory, it pops up a window on the screen, asking for the passphrase. It then uses that passphrase to read and decrypt the secret key from the disk, uses the key to answer the challenge, then wipes both pieces of information (the key and the passphrase) out of memory.

I wrote a web page a few years ago which explains the whole process in a lot more detail; it's more geared towards Linux, but the programs involved (ssh, ssh-agent, ssh-add, etc.) are the same programs. The only difference is that the OSX version of ssh-agent knows how to pop up a GUI window to prompt you for the passphrase.

One interesting thing you can do with keys is "agent forwarding". The idea is that, from your workstation, you can ssh to "machine A", and then FROM THERE you can ssh to "machine B", and from there to "machine C", and so forth... and the socket back to the ssh-agent process on your workstation is carried along for the ride, which means the "ssh" process on machine B is able to send machine C's challenge back through a "side channel" all the way back to your workstation, and have the agent compute the answer to the challenge... all without machine A knowing, or caring, what was going on.

I normally use a program called "SSHKeychain". It works as a front-end for ssh-agent, with a GUI which allows you to manually add and remove keys without having to type "ssh-add" commands. The thing I like about it is that it can be configured so that when you enter the passphrase for a key, it automatically adds that key to the agent, which means I only have to type my passphrase once when I run my first "ssh" or "scp" command in the morning, or if I have to log out or reboot.
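What travels over the agent socket described above (locally, or carried along by agent forwarding) is a small length-prefixed protocol. The following is an added example, not code from the original hint: it frames the "list identities" request and parses the agent's answer, which contains only public key blobs and comments, never the secret key. The sample reply and the comment `user@workstation` are constructed for illustration.

```python
import struct

# Message numbers from the ssh-agent wire protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def frame(msg_type, payload=b""):
    """Frame a message: uint32 length, then a 1-byte type, then the payload."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body

def ssh_string(data):
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH string at offset off; reject truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_identities(reply):
    """Return [(key_type, comment)] from a framed identities answer."""
    body, _ = read_string(reply, 0)  # the outer frame is length-prefixed too
    if not body:
        raise ValueError("empty message")
    if body[0] == SSH_AGENT_FAILURE:
        return []
    if body[0] != SSH_AGENT_IDENTITIES_ANSWER or len(body) < 5:
        raise ValueError("unexpected reply")
    (count,) = struct.unpack_from(">I", body, 1)
    keys, off = [], 5
    for _ in range(count):
        blob, off = read_string(body, off)     # public key blob
        comment, off = read_string(body, off)  # label shown by "ssh-add -l"
        key_type, _ = read_string(blob, 0)     # blob starts with algorithm name
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys

# Constructed sample: one Ed25519 public key blob (all-zero key bytes).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_REPLY = frame(SSH_AGENT_IDENTITIES_ANSWER, struct.pack(">I", 1)
                     + ssh_string(SAMPLE_BLOB) + ssh_string(b"user@workstation"))

if __name__ == "__main__":
    print(frame(SSH_AGENTC_REQUEST_IDENTITIES).hex(), parse_identities(SAMPLE_REPLY))
```

Any process that can open the socket named in `SSH_AUTH_SOCK` can send these requests, which is why the forwarded socket on an intermediate machine is only as private as that machine's file permissions and root account.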