
Re: ssh passphrase



On Wed, 12 Apr 2000, Jens B. Jorgensen wrote:
>That's what ssh-agent is for. You run ssh-agent and it will output an environment
>variable for a unix domain socket. Then you run ssh-add and type in your passphrase.
>The ssh-agent caches your key and access is limited to your user (permissions on the
>unix socket). This is not secure enough for some of course.

Thanks Ben and Jens for your advice on this issue.  I have now got ssh-agent
working with support for X and non-X logins (/etc/profile checks whether
$DISPLAY is set to determine which alias to set up for ssh-add).
Now I have a problem though: sometimes a session gets killed without the
.logout running and the ssh-agent keeps running.
This is a problem as the machine in question could potentially be accessed by
an untrusted person and the ssh-agent contains the root password.  What I
would like to do is have the ssh-agent timeout after some time of inactivity
and/or a specified period of time.  Another thing I would like to do is have
a password get removed from the ssh-agent after a period of time.

Has anyone worked on any of these issues?  Does anyone have any code that may
help?

If no-one else has done any of this then I intend to write some support for
this myself.

Russell Coker

>Russell Coker wrote:
>
>> Is it possible to have the ssh client read the pass-phrase for an authorised
>> key from an environment variable?
>>
>> What I want to do is:
>> export PASS=`ssh-askpass`
>> for n in $MACHINES; do
>>   ssh $n command
>> done
>> unset PASS
>>
>> Or something similar.  Basically I want to login to 30 machines and run some
>> command but without having to enter my pass-phrase 30 times.  I know I could
>> use expect (and will if no-one has a better suggestion).  But I'm sure there
>> is a better way (why else would ssh-askpass exist?).
-- 
My current location - X marks the spot.
X
X
X
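
Added example, not part of the original message or of any code from the thread: one way to bound how long a key stays in ssh-agent and to clean the agent up when a session ends without .logout running, using OpenSSH's `-t` lifetime option. The function names and `KEY_LIFETIME` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and KEY_LIFETIME are
# hypothetical; ssh-agent -s/-t/-k, ssh-add -t/-D and BatchMode are OpenSSH's.
KEY_LIFETIME=${KEY_LIFETIME:-600}   # seconds a loaded key stays usable

stop_agent() {
    [ -n "${SSH_AGENT_PID:-}" ] || return 0
    ssh-add -D >/dev/null 2>&1 || true     # drop cached keys first
    ssh-agent -k >/dev/null 2>&1 || true   # then kill the agent process
    unset SSH_AGENT_PID SSH_AUTH_SOCK
}

start_agent() {
    # -t sets the default maximum lifetime of every key added to this agent.
    # It is a fixed lifetime counted from ssh-add, not an inactivity timeout,
    # and it still applies if the shell dies from SIGKILL and no trap runs.
    eval "$(ssh-agent -s -t "$KEY_LIFETIME")" >/dev/null
    # Cover the case where the session ends without .logout running.
    trap stop_agent EXIT
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM
}

load_key() {
    # Prompts for the passphrase once; extra arguments are key file paths.
    ssh-add -t "$KEY_LIFETIME" "$@"
}

run_on_machines() {
    # $1 = remote command, remaining arguments = hosts.
    # Returns the number of hosts on which ssh failed.
    cmd=$1; shift
    failed=0
    for n in "$@"; do
        # BatchMode: fail instead of prompting if the key has expired.
        ssh -o BatchMode=yes "$n" "$cmd" </dev/null || failed=$((failed + 1))
    done
    return "$failed"
}

# Typical use:
#   start_agent && load_key && run_on_machines 'uptime' $MACHINES
```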

