SSH Public Key Authentication

Question

Level 1

30 points

SSH Public Key Authentication

I just created a public/private key from my new imac and it allows me to login to my laptop and old G5 without a password. Really slick. So, I've got that much working. I did include a passphrase when setting up the key.

My problem is when I ssh into the imac remotely from my blackberry, I get in with a password. When I want to get to the G5 during this session, I am always asked for the passphrase. Any ideas?

Thank you,

J.

Late 2k9 iMac, Dual 2Ghz Power Mac/2 Ghz Core Duo MacBook Pro, Mac OS X (10.6.2)

Posted on Jan 26, 2010 6:40 PM

Reply

Answer 1

Jan 26, 2010 7:21 PM in response to Ebola

So do you want to ssh into your imac without a password?
Or do you not want to have to enter your passphase after
sshing from the blackberry to the imac and then to the g5?

You may want to look at:

ssh-agent(1) - authentication agent

Reply

Answer 2

Ebola Author

Level 1

30 points

Jan 26, 2010 7:26 PM in response to Nils C. Anderson

I am ok using a password to get into the imac from my blackberry, but once in, I would like access to my other machines without a password or a passphrase. I will take a look at ssh-agent tomorrow. Unix'd out for the evening, but accomplished more than I thought I could.

Reply

Answer 3

BobHarris

Level 9

53,309 points

Jan 26, 2010 7:44 PM in response to Ebola

The other alternative is to create an ssh key without a passphrase. Of course you then need to make sure that no one gets control of your private key, or they could get into any of your systems controlled by that private key.

Reply

Answer 4

Ebola Author

Level 1

30 points

Jan 26, 2010 7:47 PM in response to Ebola

ssh-agent is running on my imac. I used ssh-add and then typed my passphrase. ssh-add -l shows my 2048 bit key and a path to my id_rsa file.

SSH into the imac and then ssh into the G5 and it still prompts me for a passphrase. Apparently I am missing a step.

Thanks,

J.

Reply

Answer 5

Ebola Author

Level 1

30 points

Jan 26, 2010 7:50 PM in response to BobHarris

While I doubt anyone would get the private key file, I don't want to take any shortcuts. I want to learn how to do this the right way.

Reply

Answer 6

BobHarris

Level 9

53,309 points

Jan 27, 2010 5:45 AM in response to Ebola

Do you have a * SSH AUTHSOCK* environment variable?


printenv SSHAUTHSOCK
SSHAUTHSOCK=/tmp/launch-ypUZ9j/Listeners

ssh only knows about the ssh-agent if there is a SSH AUTHSOCK environment variable.

See the ssh-agent man page for more details.

Reply

Answer 7

Jun T.

Level 4

2,185 points

Jan 28, 2010 8:39 AM in response to Ebola

When you login to your imac remotely, the ssh-agent is not started automatically. You must start it manually, and add you identity to the agent by the ssh-add command:


imac$ eval $(ssh-agent)
Agent pid nnnnn
imac$ ssh-add
Enter passphrase for /Users/you/.ssh/id_xxx: <enter your passphrase>
Identity added: /Users/you/.ssh/id_xxx
imac$ ssh your-G5-host
your-G5-host$ (you will not be asked for passphrase)

You must enter your passphrase once (only onece) when adding your identity to the agent.

Reply