7 Replies Latest reply: Jan 28, 2010 8:39 AM by Jun T.
Ebola Level 1 (25 points)
I just created a public/private key from my new imac and it allows me to login to my laptop and old G5 without a password. Really slick. So, I've got that much working. I did include a passphrase when setting up the key.

My problem is when I ssh into the imac remotely from my blackberry, I get in with a password. When I want to get to the G5 during this session, I am always asked for the passphrase. Any ideas?

Thank you,

J.

Late 2k9 iMac, Dual 2Ghz Power Mac/2 Ghz Core Duo MacBook Pro, Mac OS X (10.6.2)
  • Nils C. Anderson Level 4 (3,495 points)
    So do you want to ssh into your imac without a password?
    Or do you not want to have to enter your passphrase after
    sshing from the blackberry to the imac and then to the g5?

    You may want to look at:

    ssh-agent(1) - authentication agent
  • Ebola Level 1 (25 points)
    I am ok using a password to get into the imac from my blackberry, but once in, I would like access to my other machines without a password or a passphrase. I will take a look at ssh-agent tomorrow. Unix'd out for the evening, but accomplished more than I thought I could.
  • BobHarris Level 6 (14,925 points)
    The other alternative is to create an ssh key without a passphrase. Of course you then need to make sure that no one gets control of your private key, or they could get into any of your systems controlled by that private key.
  • Ebola Level 1 (25 points)
    ssh-agent is running on my imac. I used ssh-add and then typed my passphrase. ssh-add -l shows my 2048 bit key and a path to my id_rsa file.

    SSH into the imac and then ssh into the G5 and it still prompts me for a passphrase. Apparently I am missing a step.

    Thanks,

    J.
  • Ebola Level 1 (25 points)
    While I doubt anyone would get the private key file, I don't want to take any shortcuts. I want to learn how to do this the right way.
  • BobHarris Level 6 (14,925 points)
    Do you have a SSH_AUTH_SOCK environment variable?

    printenv SSH_AUTH_SOCK
    SSH_AUTH_SOCK=/tmp/launch-ypUZ9j/Listeners

    ssh only knows about the ssh-agent if there is a SSH_AUTH_SOCK environment variable.

    See the ssh-agent man page for more details.
  • Jun T. Level 4 (2,185 points)
    When you log in to your imac remotely, the ssh-agent is not started automatically. You must start it manually, and add your identity to the agent by the ssh-add command:

    imac$ eval $(ssh-agent)
    Agent pid nnnnn
    imac$ ssh-add
    Enter passphrase for /Users/you/.ssh/id_xxx: <enter your passphrase>
    Identity added: /Users/you/.ssh/id_xxx
    imac$ ssh your-G5-host
    your-G5-host$ (you will not be asked for passphrase)

    You must enter your passphrase once (only once) when adding your identity to the agent.
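
Added example, not part of any post in this thread: a shell profile snippet for the iMac that automates the manual steps in the last reply, using the SSH_AUTH_SOCK check mentioned earlier to decide whether an agent is already usable. The cache path `~/.ssh/agent.env`, the function names and the 8-hour key lifetime are assumptions chosen for illustration.

```shell
# Assumed cache file for the agent's variables (hypothetical path).
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# agent_status: 0 = agent reachable and holding a key,
#               1 = agent reachable but empty,
#               2 = no usable agent (SSH_AUTH_SOCK unset, stale, or dead).
agent_status() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 2
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -le 1 ] || rc=2
    return "$rc"
}

# ensure_agent: reuse an agent from an earlier login if it still answers,
# otherwise start one; then load the key if the agent is empty.
ensure_agent() {
    st=0; agent_status || st=$?
    if [ "$st" -eq 2 ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        st=0; agent_status || st=$?
    fi
    if [ "$st" -eq 2 ]; then
        # umask 077 keeps the cached socket path private to this user.
        (umask 077; ssh-agent -s > "$AGENT_ENV") || return 2
        . "$AGENT_ENV" >/dev/null
        st=1
    fi
    # Prompts for the passphrase once; -t drops the key after 8 hours
    # so an unlocked key does not stay in memory indefinitely.
    [ "$st" -eq 0 ] || ssh-add -t 28800
}
```

Call `ensure_agent` from `~/.bash_profile` on the iMac so that each remote login either picks up the running agent or starts one and asks for the passphrase once.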