Can anyone tell me how to set up ssh and keychain so when I connect to the remote system it uses keychain for the password or public key? The remote system is FreeBSD 8.0. Do I need to setup anything else on that end?
Hi,
I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step:
#!/bin/bash
# LAN SSH KEYS DISCOVERY SCRIPT
</etc/passwd \
grep /bin/bash |
cut -d: -f6 |
sudo xargs -i -- sh -c '
&& cat... (11 Replies)
Yes, it's that minefield again. I'm building an AJAX database interface which uses maria/mysql logins instead of keeping a bunch of its own private logins, to try and keep it simple.
The thorny bit is, of course, the passwords. Doing this requires it to remember passwords between sessions, not... (4 Replies)
Hi All,
I am trying to create a script with the help of while and expect loop to do the following:
1. script will pick up the servers one by one from server_list file and will do ssh to it.
2. for each server it will change the password of user test1.
3. script should also provide logs for... (1 Reply)
There are two servers :
1. Site
2. Testing
from site server i want to connect testing server with ssh password less authentication.
i generated public and private keys with ssh-keygen -t rsa on site server.
cat id_rsa >> authorized_keys
cat id_rsa.pub >> authorized_keys
i... (15 Replies)
Hello,
I could use some help with my ssh keys and agent.
This is the issue. I have 2 different UNIX systems at work. One is the normal Solaris servers with my uid being the same throughout all the servers. I now have a different system for my desktop. A contractor came in and installed some SUN... (0 Replies)
In my environment "SunOS - 5.10 Generic_142900-14 sun4v sparc SUNW,T5240" when I issue an ssh i get prompted for a password. I need to run an ssh in a script but is it possible to ready an encrypted password file or to pass the password in the script or configure it so that a particular user-id... (1 Reply)
Hi All,
I am having knowledge on some basics of ssh and wanted to know what are the public keys and how can we create and implement it in connecting server.
Please provide the information for the above, it would be helpful for me.
Thanks,
Ravindra (1 Reply)
Hi everyone,
i wanted to generate ssh keys so that i can include the public key in the remote sever, so that for subsequent logins, i can do away with the keying in of the password. I consulted the man ssh-keygen man pages. "..Normally each user wishing to use SSH with RSA or DSA... (1 Reply)
Hello,
I'm wondering if anyone has a step-by-step instruction set for setting up ssh keys? I've gone through many of the manuals online (most seem to be from the same source) and it's a little bit unclear when the documentation is talking about the server versus the client machine. I'm missing... (1 Reply)
keychain(1) http://www.funtoo.org keychain(1)NAME
keychain - re-use ssh-agent and/or gpg-agent between logins
SYNOPSIS
keychain [ -hkQqV ] [ --clear --help --ignore-missing --noask --nocolor --nogui --nolock --quick --quiet --version ]
[ --agents list ] [ --attempts num ] [ --dir dirname ] [ --host name ] [ --lockwait seconds ]
[ --stop which ] [ --timeout minutes ] [ keys... ]
DESCRIPTION
keychain is a manager for ssh-agent, typically run from ~/.bash_profile. It allows your shells and cron jobs to share a single ssh-agent
process. By default, the ssh-agent started by keychain is long-running and will continue to run, even after you have logged out from the
system. If you want to change this behavior, take a look at the --clear and --timeout options, described below.
When keychain is run, it checks for a running ssh-agent, otherwise it starts one. It saves the ssh-agent environment variables to
~/.keychain/${HOSTNAME}-sh, so that subsequent logins and non-interactive shells such as cron jobs can source the file and make
passwordless ssh connections. In addition, when keychain runs, it verifies that the key files specified on the command-line are known to
ssh-agent, otherwise it loads them, prompting you for a password if necessary.
Keychain also supports gpg-agent in the same ways that ssh-agent is supported. By default keychain attempts to start all available agents
but will fall back to only gpg-agent or only ssh-agent if either is unavailable. You can specifically limit keychain using the --agents
option.
keychain supports most UNIX-like operating systems, including Cygwin. It works with Bourne-compatible, csh-compatible and fish shells.
OPTIONS --agents list
Start the agents listed. By default keychain will build the list automatically based on the existence of ssh-agent and/or gpg-agent on
the system. The list should be comma-separated, for example "gpg,ssh"
--attempts num
Try num times to add keys before giving up. The default is 1.
--clear
Delete all of ssh-agent's keys. Typically this is used in .bash_profile. The theory behind this is that keychain should assume that
you are an intruder until proven otherwise. However, while this option increases security, it still allows your cron jobs to use your
ssh keys when you're logged out.
--confirm
Keys are subject to interactive confirmation by the SSH_ASKPASS program before being used for authentication. See the -c option for
ssh-add(1).
--dir dirname
Keychain will use dirname rather than $HOME/.keychain
--eval
Keychain will print lines to be evaluated in the shell on stdout. It respects the SHELL environment variable to determine if Bourne
shell or C shell output is expected.
--env filename
After parsing options, keychain will load additional environment settings from "filename". By default, if "--env" is not given, then
keychain will attempt to load from ~/.keychain/[hostname]-env or alternatively ~/.keychain/env. The purpose of this file is to
override settings such as PATH, in case ssh is stored in a non-standard place.
-h --help
Show help that looks remarkably like this man-page. As of 2.6.10, help is sent to stdout so it can be easily piped to a pager.
--host name
Set alternate hostname for creation of pidfiles
--ignore-missing
Don't warn if some keys on the command-line can't be found. This is useful for situations where you have a shared .bash_profile, but
your keys might not be available on every machine where keychain is run.
--inherit which
Attempt to inherit agent variables from the environment. This can be useful in a variety of circumstances, for example when ssh-agent
is started by gdm. The following values are valid for "which":
local Inherit when a pid (e.g. SSH_AGENT_PID) is set in the environment. This disallows inheriting a forwarded agent.
any Inherit when a sock (e.g. SSH_AUTH_SOCK) is set in the environment. This allows inheriting a forwarded agent.
local-once Same as "local", but only inherit if keychain isn't already providing an agent.
any-once Same as "any", but only inherit if keychain isn't already providing an agent.
By default, keychain-2.5.0 and later will behave as if "--inherit local-once" is specified. You should specify "--noinherit" if you
want the older behavior.
--lockwait seconds
How long to wait for the lock to become available. Defaults to 5 seconds. Specify a value of zero or more. If the lock cannot be
acquired within the specified number of seconds, then this keychain process will forcefully acquire the lock.
--noask
This option tells keychain do everything it normally does (ensure ssh-agent is running, set up the ~/.keychain/[hostname]-{c}sh files)
except that it will not prompt you to add any of the keys you specified if they haven't yet been added to ssh-agent.
--nocolor
Disable color hilighting for non ANSI-compatible terms.
--nogui
Don't honor SSH_ASKPASS, if it is set. This will cause ssh-add to prompt on the terminal instead of using a graphical program.
--noinherit
Don't inherit any agent processes, overriding the default "--inherit local-once"
--nolock
Don't attempt to use a lockfile while manipulating files, pids and keys.
-k --stop which
Kill currently running agent processes. The following values are valid for "which":
all Kill all agent processes and quit keychain immediately. Prior to keychain-2.5.0, this was the behavior of the bare "--stop"
option.
others Kill agent processes other than the one keychain is providing. Prior to keychain-2.5.0, keychain would do this automatically.
The new behavior requires that you specify it explicitly if you want it.
mine Kill keychain's agent processes, leaving other agents alone.
-Q --quick
If an ssh-agent process is running then use it. Don't verify the list of keys, other than making sure it's non-empty. This option
avoids locking when possible so that multiple terminals can be opened simultaneously without waiting on each other.
-q --quiet
Only print messages in case of warning, error or required interactivity. As of version 2.6.10, this also suppresses "Identities added"
messages for ssh-agent.
--timeout minutes
Set a timeout in minutes on your keys. This is conveyed to ssh-agent which does the actual timing out of keys since keychain doesn't
run continuously.
-V --version
Show version information.
EXAMPLES
This snippet should work in any shell to load two ssh keys and one gpg key:
eval `keychain --eval id_rsa id_dsa 0123ABCD`
If you have trouble with that in csh:
setenv SHELL /bin/csh
eval `keychain --eval id_rsa id_dsa 0123ABCD`
This is equivalent for Bourne shells (including bash and zsh) but doesn't use keychain's --eval feature:
keychain id_rsa id_dsa 0123ABCD
[ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
[ -f $HOME/.keychain/$HOSTNAME-sh ] &&
. $HOME/.keychain/$HOSTNAME-sh
[ -f $HOME/.keychain/$HOSTNAME-sh-gpg ] &&
. $HOME/.keychain/$HOSTNAME-sh-gpg
This is equivalent for C shell (including tcsh):
keychain id_rsa id_dsa 0123ABCD
host=`uname -n`
if (-f $HOME/.keychain/$host-csh) then
source $HOME/.keychain/$host-csh
endif
if (-f $HOME/.keychain/$host-csh-gpg) then
source $HOME/.keychain/$host-csh-gpg
endif
To load keychain variables from a script (for example from cron) and abort unless id_dsa is available:
# Load keychain variables and check for id_dsa
[ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
. $HOME/.keychain/$HOSTNAME-sh 2>/dev/null
ssh-add -l 2>/dev/null | grep -q id_dsa || exit 1
SEE ALSO ssh-agent(1)NOTES
Keychain was created and is currently maintained by Daniel Robbins. If you need to report a bug or request an enhancement, please post to
the funtoo-dev mailing list <http://groups.google.com/group/funtoo-dev>. For more information about keychain, please visit
<http://www.funtoo.org>.
2.7.1 2010-05-07 keychain(1)
