Simplify SSH Authorization with ssh-agent

Brian Hatch returns to Security Focus today with his second SSH article, this time teaching us how to use ssh-agent to more easily handle SSH logins.

While SSH keys are mainly designed to verify identity, they are often associated with a passphrase to prevent someone from simply copying the key. Depending on the password/phrase used, this can make them even more inconvenient than using SSH without keys and entering a password every time.

ssh-agent simplifies this by creating a socket that listens for SSH connections. You simply tell ssh-agent how to find your keys, enter the passphrase for each once, and then it handles the rest every time you connect to a remote server. This is especially handy for admins doing work on a lot of remote machines and having to reconnect several times (for example, when loading/testing new kernels on a remote machine).

Hatch takes you through the entire process of establishing the ssh-agent socket and covers the potential security risks involved. Fortunately these are minimal, and mostly a concern only if you don’t trust your root user or your root account has been compromised.

Home users may find it just as easy to continue to use a passphrase if they only access a remote machine or two, but for sysadmins, this can be a great boon.