OpenBSD Journal

[developerWorks] OpenSSH key Management, Part 3

Contributed by Dengue on from the www.ibm.com/developerworks dept.

Maria writes:
"OpenSSH key management, Part 3
Take advantage of OpenSSH agent connection forwarding to enhance security, and see how the popular keychain shell script has evolved. http://www-106.ibm.com/developerworks/linux/library/l-keyc3?Opent=grl,l=929,p=Kp3"



Comments
  1. By Anonymous Coward () on

    Hmm,

    Running out of useful material? This article is bootylicious.

    The article is very regurgitated, and the mere fact it spans for more than 7 months in a 3-part series is just mind numbing considering the articles are devoid of any unique usefulness ( ssh-agent has been around since forever.. at least 5 or 6 years ).

    His keychain script is nothing more than a little front-end, which honestly I've never really seen the need for when dealing with ssh-agent, ssh-add, etc.

    Also, why does he use this in a windowed environment? The best way to use ssh-agent with any Window Manager, since we're talking about saving time and not invoking multiple ssh-agent processes for each shell, is to run ssh-agent when you invoke the Window Manager. One ssh-add and all the Window Manager child processes are ready to go for password-less login.

    I guess anyone can publish lame articles these days.


    *shrug*

    Comments
    1. By nulld () on

      the whole point is that ssh-keygain connects to a single, long-running ssh-agent session.

      you kind of missed the point.

      Comments
      1. By Gioffreus () on

        i used keychain for awhile before i really knew how to use ssh-agent to its fullest possible value... still, keychain was a good way to learn by example. it served as motivation for my taking the time to read all of the ssh-related man pages...

        so, i've come out ahead even though i do _not_ still use keychain. why don't i still use it? well, you can do the same thing with only ~10 lines in your ~/.{,z}profile instead of ~350 in keychain. also, keychain turns a relatively simple usage scenario into an overly complex one.

        so in the end, i am of the opinion that keychain is good and useful to a point... mostly as a tool for learning.
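The short-profile approach mentioned in the comment above could look like the sketch below. It is an added example, not code from the commenter, the article or keychain; the `AGENT_ENV` location and the function names are assumptions. The saved agent environment is parsed rather than sourced, so a tampered file cannot run commands at login.

```shell
# Added example, not keychain's code. AGENT_ENV is an assumed file location.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Print the value of VAR ($2) from saved `ssh-agent -s` output in FILE ($1).
# The file is parsed, never sourced, so a tampered file cannot run commands.
agent_field() {
    sed -n "s/^$2=\([^;]*\);.*/\1/p" "$1" 2>/dev/null | head -n 1
}

# Return 0 only if FILE ($1) names a socket that a running agent answers on.
agent_alive() {
    _sock=$(agent_field "$1" SSH_AUTH_SOCK)
    [ -n "$_sock" ] && [ -S "$_sock" ] || return 1
    _rc=0
    SSH_AUTH_SOCK="$_sock" ssh-add -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -ne 2 ]   # ssh-add exits 2 when it cannot contact the agent
}

# Attach this shell to the saved agent, starting one only if none answers.
agent_attach() {
    if ! agent_alive "$AGENT_ENV"; then
        # umask 077 keeps a newly created environment file private.
        ( umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" )
    fi
    SSH_AUTH_SOCK=$(agent_field "$AGENT_ENV" SSH_AUTH_SOCK)
    SSH_AGENT_PID=$(agent_field "$AGENT_ENV" SSH_AGENT_PID)
    export SSH_AUTH_SOCK SSH_AGENT_PID
    # Prompt for the passphrase only when the agent holds no keys yet.
    ssh-add -l >/dev/null 2>&1 || ssh-add
}

# Run only in interactive shells, so scripts sourcing the profile never prompt.
case $- in *i*) agent_attach ;; esac
```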

    2. By webmaster () dengue@deadly.org on file:/dev/null

      Especially if it's your website.

    3. By Gioffreus () on


      > Also, why does he use this in a windowed
      > environment? The best way to use ssh-agent
      > with any Window Manager, since we're talking
      > about saving time and not invoking multiple
      > ssh-agent processes for each shell, is to run
      > ssh-agent when you invoke the Window Manager.
      > One ssh-add and all the Window Manager child
      > processes are ready to go for password-less login.


      perhaps you do not understand that only _ONE_ `ssh-agent' process is invoked here. also, one `ssh-add'...
