I use Mac OS X Lion and log in to remote hosts via SSH every day. Despite the fact that I use an SSH key pair for remote authentication and I don't need to memorize every host's login phrase, it is still very annoying that the terminal asks for the passphrase for accessing my SSH private key.
For security reasons, I think, a passphrase for accessing the SSH private key is a must. Is there a way to make the terminal ask for the phrase exactly once at startup, then memorize it, and automatically use my private key in later SSH sessions?
There is a script called keychain which works fine on Gentoo Linux. But I never figured it out on Mac OS X Lion. What's more, there are so many intimidating terms, such as ssh-agent and ssh-add. After reading various materials about those SSH toolkits and doing some frustrating experiments, I got more confused.
Therefore, I came to StackExchange, looking for some advice about the following questions.
- What are ssh-agent, ssh-add, keychain, Keychain Access.app and how do they interact with each other?
- How can I enter the passphrase for my SSH private key once at login, and use it freely at later SSH session creation?
- Errr... What's wrong with Keychain Access.app? It does not store the SSH phrase like it did before.
I list what I've done here. Hopefully there are clues about the steps I missed.
Step 1. Create an SSH key pair on my Mac.
$ ssh-keygen -t rsa -C "me@email.com"
# Set a passphrase for accessing the private key.
Step 2. Copy my SSH public key to remote host. To take an example, I copy the key to localhost, Mac.
$ ssh-copy-id USER@localhost
# Enter the login password for USER at localhost, not my SSH passphrase
Step 3. Then try to connect to the remote host (localhost here), via SSH key pair authentication.
$ ssh USER@localhost
Enter passphrase for key '/Users/YOUR_ACCOUNT/.ssh/id_rsa':
# Enter my SSH passphrase, not the login password.
Step 4. Log out from the remote host and try to connect to it again. Damn it, the terminal asks for the SSH phrase again.
A frequently asked question is "Does ssh-agent work well on your Mac?". Frankly speaking, I have no idea what's going on with these things. Here are some running results.
$ echo $SSH_AUTH_SOCK
/tmp/launch-M48niA/Listeners
$ echo $SSH_AUTH_PID
(EMPTY)
$ ssh-add -l
Could not open a connection to your authentication agent.
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-Z54zXukQiP/agent.26769; export SSH_AUTH_SOCK;
SSH_AGENT_PID=26770; export SSH_AGENT_PID;
echo Agent pid 26770;
$ ssh-add -l
Could not open a connection to your authentication agent.
$ echo $SSH_AUTH_SOCK
/tmp/launch-M48niA/Listeners
$ echo $SSH_AUTH_PID
(STILL EMPTY)
$ ssh-agent # Oh no, another ssh-agent with a different PID
SSH_AUTH_SOCK=/tmp/ssh-cx0B4FUX8B/agent.26898; export SSH_AUTH_SOCK;
SSH_AGENT_PID=26899; export SSH_AGENT_PID;
echo Agent pid 26899;
$ ps -e | grep -i ssh
26769 ?? 0:00.03 ssh-agent
26899 ?? 0:00.02 ssh-agent
Any feedback is welcome. Thanks!
Related. Chances are you can adapt the accepted answer for your use case. – Daniel Beck – 2012-05-01T12:37:26.497
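
The session in the question shows `ssh-agent` printing `SSH_AUTH_SOCK=...; export ...` lines while the shell's own variables stay unchanged and a second agent gets spawned. The shell functions below are an added example, not part of the original question or its comments: they reuse a reachable agent, start exactly one otherwise, and load the key once with an optional lifetime. The function names and the `SSH_ADD` / `SSH_AGENT` override variables are hypothetical.

```shell
#!/bin/sh
# Added example: reuse a reachable ssh-agent, otherwise start exactly one.
# SSH_ADD / SSH_AGENT are hypothetical override hooks so the logic can be
# exercised with stand-ins; by default the real tools are used.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_AGENT=${SSH_AGENT:-ssh-agent}

# Classify the agent named by $SSH_AUTH_SOCK using ssh-add's exit status:
#   0 = reachable, keys loaded; 1 = reachable, no keys; 2 = cannot connect.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Make sure this shell talks to a live agent. ssh-agent only *prints*
# "SSH_AUTH_SOCK=...; export ..." lines; they take effect only when the
# calling shell evaluates them, which is what eval does here.
ensure_agent() {
    if [ "$(agent_state)" = unreachable ]; then
        eval "$("$SSH_AGENT" -s)" >/dev/null
    fi
}

# Load the default key once if the agent holds none.
# $1 = optional lifetime in seconds, after which the agent forgets the key.
load_key_once() {
    ensure_agent
    if [ "$(agent_state)" = empty ]; then
        if [ -n "${1:-}" ]; then "$SSH_ADD" -t "$1"; else "$SSH_ADD"; fi
    fi
}
```

Sourced from a login profile, `load_key_once 28800` would prompt for the passphrase once and let the agent drop the decrypted key after eight hours, which limits how long it stays usable on an unattended machine.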