Wednesday, February 04, 2004

Configuring ssh-askpass and ssh-agent

I decided to set up ssh-agent and ssh-askpass on my laptop to allow easier access to other systems on my LAN. First I created a public/private key pair:

bash-2.05b$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/richard/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/richard/.ssh/id_dsa.
Your public key has been saved in /home/richard/.ssh/id_dsa.pub.
The key fingerprint is:
OB:FU:SC:AT:ED:FO:RS:EC:UR:IT:YR:EA:SO:NS richard@orr.taosecurity.com

Next I added the contents of /home/richard/.ssh/id_dsa.pub to newly-created authorized_keys files in the ~/.ssh/ directory on every server to which I wished to connect.

To ease log-in, I changed my laptop's .xinitrc file to look like this:

ssh-add < /dev/null
exec fvwm-themes-start

I also ensured my .profile had these entries:

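SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
# Start an agent only if none is reachable and the binary is executable.
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
    # -s prints Bourne-shell commands that set SSH_AUTH_SOCK and SSH_AGENT_PID.
    eval `$SSHAGENT $SSHAGENTARGS`
    # Kill the agent when this login shell exits.
    trap "kill $SSH_AGENT_PID" 0
fi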

Now when I execute 'startx', ssh-askpass prompts for the passphrase I entered when generating the DSA key pair above. I can then log in to all the servers that have my laptop's public key in their authorized_keys file without entering a password.
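
The authorized_keys step above is where key logins most often fail without explanation: sshd's StrictModes check (on by default) ignores the file when it or ~/.ssh is writable by anyone but the owner. The following is an added example, not part of the original post, meant to be run on the server after the .pub file has been copied over; the function names install_pubkey, mode_of and key_count are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently install a public key into authorized_keys with
# owner-only modes. Paths are arguments, so it can be tried on a scratch
# directory first.
# Usage on the server:  install_pubkey ./id_dsa.pub "$HOME/.ssh"

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse anything that looks like a private key copied by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi
    (
        umask 077                  # new dir and file are owner-only from creation
        mkdir -p "$dir"
        [ -e "$auth" ] || : > "$auth"
    ) || return 1
    # Tighten modes on pre-existing paths as well.
    chmod 700 "$dir" && chmod 600 "$auth" || return 1
    # Append each key line only if that exact line is not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# mode_of PATH -> octal permission bits (GNU stat first, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_count FILE -> number of non-empty lines in FILE
key_count() {
    grep -c . "$1"
}
```

Running it a second time with the same key leaves authorized_keys unchanged, so it is safe to use in a provisioning script.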