
Re: ssh-agent



on Fri, Nov 07, 2003 at 07:58:26AM +0000, Geoff Thurman (geoffthur@ntlworld.com) wrote:
> On Friday 07 November 2003 3:52 am, Colin Watson wrote:
> > On Thu, Nov 06, 2003 at 10:39:58PM +0000, Geoff Thurman wrote:
> > > Forgive me if this is cretinous beyond compare, but I am confused.
> > > I am on a standalone machine, and never use SSH, and yet there is
> > > an SSH-agent in my /tmp. Is this normal?
> >
> > I believe that Debian's default X session scripts run your X session
> > inside an ssh-agent. 

They do.

> > It shouldn't cause any kind of problem, security-related or
> > otherwise; it's just there if you want it.

And it's pretty bloody useful, particularly if you're using ssh either
locally or to remote systems.

  - Generate an ssh key:  'ssh-keygen'.  Provide a password.

  - Add the contents of the '*.pub' files to remote hosts you plan on
    sshing to.  See:

      http://kmself.home.netcom.com/GNU/Linux/FAQs/sshrsakey.html

  - After starting X, from any terminal window, run 'ssh-add'.  Type
    your password when prompted.


Now:  if you need to start a shell, or run a command, on a remote
system, you can do so without having to type your password.  Naturally,
you'll want to secure your local system so Dr. Evil can't exploit this.

E.g.:

    ssh myname@remotehost.farawaydomain.tld

...or if you want to run a command on a bunch of hosts:

    for host in eenie meenie meinie moe; do ssh $host uptime; done


If you ever find yourself administering a cluster of hosts, or using a
number of remote systems, this is invaluable.

There are other tricks (forced commands) for running specific commands
without even requiring an ssh-agent, say, for cronjobs and the like.


> Thank you. This is a great relief, particularly coming, as it does, from 
> such an authoritative source. I now understand the man pages a bit 
> better, too. I have still removed the ssh package though, on the basis 
> that I don't use it and can always put it back later if and when I need 
> it. 

ssh is highly valuable because it provides a secure, encrypted,
authenticated, non-spoofable means of issuing commands or data between
hosts.  It's used not just for shells and commands but for file
transfers in the form of scp, sftp, and rsync.  See also the fish://
protocol (implemented in lftp, for example).  ssh replaces telnet and
rsh, for the most part transparently, both of which are highly insecure
protocols.


I'd strongly recommend you leave ssh installed.  Could be most useful.


Speaking of which, anyone know how to get lftp w/ fish to talk to
ssh-agent?

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Keep software free.         Oppose the CBDTPA.         Kill S.2048 dead.
     http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
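
Added example, not part of the original message: the forced-command trick mentioned above, shown as a helper that builds a restricted authorized_keys entry and an audit that lists keys with no forced command. The key material, user names and the uptime command are constructed placeholders; the option names are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example. Keys, users and commands are constructed placeholders.

# Build an authorized_keys line that pins a public key to one command and
# turns off forwarding and terminal allocation for it.
restrict_key() {    # usage: restrict_key 'command' 'public-key line'
    cmd=$(printf '%s' "$1" | sed 's/"/\\"/g')    # escape embedded quotes
    printf 'command="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$cmd" "$2"
}

# Report every key in an authorized_keys file that has no forced command.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    {
        opts = ""; inq = 0
        # A line that starts with a key type carries no options field.
        if ($1 !~ /^(ssh-|ecdsa-|sk-)/) {
            # Options end at the first space outside double quotes.
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                if (c == "\"" && substr($0, i - 1, 1) != "\\") inq = !inq
                if (c == " " && !inq) break
                opts = opts c
            }
        }
        if (opts !~ /(^|,)command="/) print "no forced command: line " NR
    }' "$1"
}

# Constructed sample file: one open key, one pinned key, one key with
# options but no command.
demo() {
    f=$(mktemp)
    {
        echo '# constructed sample, not real keys'
        echo 'ssh-ed25519 AAAAEXAMPLEONLY1 me@desktop'
        restrict_key '/usr/bin/uptime' 'ssh-ed25519 AAAAEXAMPLEONLY2 cron@desktop'
        echo 'no-pty,from="192.0.2.5" ssh-rsa AAAAEXAMPLEONLY3 backup@desktop'
    } > "$f"
    audit_authorized_keys "$f"
    rm -f "$f"
}

demo
```

A key used only by a cron job gets the restrict_key form; any key the audit reports can open a full shell for whoever holds it or can reach an agent that has it loaded.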
