Re: ssh-agent: I want to start using on all my remote hosts
On 6/3/22 07:43, Tom Browder wrote:
> I have been using ssh for logging in to my remote hosts for many years, but
> I have NOT been using ssh-agent.
>
> I have checked all those hosts looking for the env var SSH_AGENT_SOCK which
> one website says should be defined if the ssh-agent process is running, but
> none have that defined.
>
> Now I'm ready to start but I want to start with one host to make sure my
> work flows aren't interrupted. Some questions:
>
> 1. Will starting the ssh-agent service interfere with my current ssh login
> (using keys with NO passphrase).

Entering passphrases every time you issue an SSH-enabled command is a
PITA. I also used keys without passwords before I discovered
ssh-agent(1) and ssh-add(1). Now all of my keys have passphrases. You
should create new SSH keys with strong passphrases.

> 2. Is there anything to do to start the service other than:

On 6/3/22 07:52, Tom Browder wrote:
> On Fri, Jun 3, 2022 at 09:43 Tom Browder <tom.browder@gmail.com> wrote:
> And edit file /etc/ssh/ssh_config to change
>
> # ForwardAgent no
>
> to
>
> ForwardAgent yes
>
> Then reboot.

If you change /etc/ssh/ssh_config, there is no need to reboot. I enable
ForwardAgent on all of my hosts, so that I can log in via ssh(1) and use
cvs(1) over SSH.

If you change /etc/ssh/sshd_config, then you need to send a HUP signal
to sshd(8), restart sshd(8), or reboot.

If you want to use your SSH key to log in to root accounts, verify
PermitRootLogin is set to (or defaults to) "prohibit-password" in
/etc/ssh/sshd_config on the target hosts.

If you want all ssh(1) logins to require an SSH key, set
PasswordAuthentication to "no" in /etc/ssh/sshd_config on the target hosts.

I own and recommend "SSH Mastery" by Michael W. Lucas:
https://mwl.io/nonfiction/tools#ssh

David
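
Added example (not part of the original message): one way to check the two sshd_config settings named in the reply above, reading the file the way sshd(8) does, where the first value obtained for a keyword wins. The function names, the sample file, and the defaults passed in (upstream OpenSSH's "prohibit-password" and "yes") are assumptions of this example.

```shell
#!/bin/sh
# Added example. Rules from sshd_config(5): keywords are case-insensitive,
# "#" lines are comments, and the first value obtained for a keyword wins.
# Assumptions: Include files are not followed; only the global section
# (everything before the first Match line) is read.

# sshd_effective FILE KEYWORD DEFAULT -> prints the value in effect
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (!match(line, /^[A-Za-z0-9]+/)) next
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)      # separator: blanks or one "="
            if (key == "match") exit             # global section ends here
            if (key == want) { found = 1; print val; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> returns 0 only if both settings from the reply hold
audit_sshd() {
    rc=0
    # Defaults below are upstream OpenSSH's (assumed; distributions may differ)
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$root" = "prohibit-password" ] || rc=1
    [ "$pass" = "no" ] || rc=1
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    return "$rc"
}

# Constructed sample: the later "no" never takes effect
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
EOF
audit_sshd "$sample" || echo "sshd_config needs changes"
```

On a live host, `sshd -T` run as root prints the configuration sshd itself resolves, including Include files, and is the authoritative check.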