
Re: ssh-agent: I want to start using on all my remote hosts



On 6/3/22 07:43, Tom Browder wrote:
> I have been using ssh for logging in to my remote hosts for many years, but
> I have NOT been using ssh-agent.
>
> I have checked all those hosts looking for the env var SSH_AGENT_SOCK which
> one website says should be defined if the ssh-agent process is running, but
> none have that defined.
>
> Now I'm ready to start but I want to start with one host to make sure my
> work flows aren't interrupted. Some questions:
>
> 1. Will starting the ssh-agent service interfere with my current ssh login
> (using keys with NO passphrase)?


Entering passphrases every time you issue an SSH-enabled command is a PITA. I also used keys without passwords before I discovered ssh-agent(1) and ssh-add(1). Now all of my keys have passphrases. You should create new SSH keys with strong passphrases.


> 2. Is there anything to do to start the service other than:

On 6/3/22 07:52, Tom Browder wrote:
> On Fri, Jun 3, 2022 at 09:43 Tom Browder <tom.browder@gmail.com> wrote:

> And edit file /etc/ssh/ssh_config to change
>
>      # ForwardAgent no
>
> to
>
>      ForwardAgent yes
>
> Then reboot.


If you change /etc/ssh/ssh_config, there is no need to reboot. I enable ForwardAgent on all of my hosts, so that I can login via ssh(1) and use cvs(1) over SSH.


If you change /etc/ssh/sshd_config, then you need to send a HUP signal to sshd(8), restart sshd(8), or reboot.


If you want to use your SSH key to login to root accounts, verify PermitRootLogin is set to (or defaults to) "prohibit-password" in /etc/ssh/sshd_config on the target hosts.


If you want all ssh(1) logins to require an SSH key, set PasswordAuthentication to "no" in /etc/ssh/sshd_config on the target hosts.


I own and recommend "SSH Mastery" by Michael W. Lucas:

https://mwl.io/nonfiction/tools#ssh


David
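
An added example, not part of the message above: a small audit of the two sshd_config settings it recommends, run against a constructed sample file. The function names are hypothetical, the fallback values are upstream OpenSSH's defaults, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Print the global value of KEYWORD in an sshd_config file, or DEFAULT if unset.
# sshd uses the first value it reads; keywords are case-insensitive.
# Assumption: Include files are not followed, and Match blocks are skipped.
effective_sshd_value() {   # usage: effective_sshd_value FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                      # strip leading whitespace
        /^#/ || /^$/ { next }                       # comments and blank lines
        {
            if (!match($0, /^[A-Za-z0-9]+/)) next
            key  = tolower(substr($0, 1, RLENGTH))
            rest = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)        # "Key value" or "Key=value"
            if (key == "match") exit                # global section ends here
            if (key == want) { split(rest, a, /[ \t]+/); val = a[1]; found = 1; exit }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Compare a file against the two settings recommended in the message above.
audit_sshd_config() {      # usage: audit_sshd_config FILE; returns 1 on a finding
    rc=0
    root=$(effective_sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_sshd_value "$1" PasswordAuthentication yes)
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    [ "$root" = "prohibit-password" ] || { echo "finding: PermitRootLogin is not prohibit-password"; rc=1; }
    [ "$pass" = "no" ] || { echo "finding: password logins are still accepted"; rc=1; }
    return "$rc"
}

# Constructed sample input, not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PermitRootLogin no
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` (run as root) prints the configuration sshd will actually use, including defaults and included files, and `sshd -t` validates the file before you send the HUP.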

