Mastering Ubuntu Server: Gain expertise in the art of deploying, configuring, managing, and troubleshooting Ubuntu Server, by Jay LaCroix
If you decided not to create a passphrase with your key, you're essentially setting up
authentication without a password, meaning you won't be asked to enter anything
when authenticating.

Utilizing an SSH agent

When we created our SSH key earlier, it was mentioned that having a passphrase
is optional but is a good idea. Using passphrases with OpenSSH key-pairs boosts
their security. If an OpenSSH key falls into the wrong hands, it will be useless if the
person attempting to utilize it doesn't know the passphrase. However, we lose a
bit of convenience because we need to enter the passphrase for a key each time we
want to use it. An OpenSSH key without a passphrase will allow us to connect to
a server and be logged in without entering anything at all. With an SSH agent, you
can actually cache your passphrase the first time you use it, so you won't be asked
for it with every connection. This essentially allows you to benefit from the added
security of a passphrase, and still maintain at least some convenience. Best of all, if
your laptop or desktop is able to utilize the OpenSSH client for connecting to remote
systems, you should have an SSH agent on your system already. If we're using a
flavor of Linux or macOS on our workstation or laptop, for example, we will have
the ssh-agent command available to us.

The ssh-agent is used by starting it in the background in our terminal. We can then
"unlock" our keys with our passphrase, and then the unlocked key will be stored
in memory and will be automatically used when we attempt to connect to a server
we've copied our public key to. To start it, enter the following command as your
normal user account on the machine you're starting your connections from (that is,
your workstation):

eval $(ssh-agent)

This command will start an SSH agent, which will continue to run in the background
of your shell. But it's not adding any value to us yet—so we will need to add an SSH
key to the now running agent. The ssh-add command allows us to add an SSH key to
our running ssh-agent. To do so, we can give the ssh-add command the path to our
public key as an argument:

ssh-add ~/.ssh/id_rsa

At this point, you'll be asked for your passphrase. As long as you enter it properly,
your key will remain open and you won't need to enter it again for future
connections, until you close that shell or log out. Now that you have the ssh-agent
running in the background with your unlocked key, utilizing a key with a
passphrase becomes much easier and you'll end up typing a lot less.
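
The agent workflow above can be tightened by limiting how long the agent holds a key and by stopping the agent explicitly when done. The following is an added example, not code from the book; it goes slightly beyond the text by using ssh-add -t (key lifetime) and ssh-agent -k (stop the agent), and the temporary key, its comment agent-demo and the function name agent_demo are constructed for the demo.

```shell
# agent_demo [SECONDS]: run a private agent, load a throwaway key with a
# lifetime, report how many demo keys the agent holds, then clean up.
# The body runs in a subshell ( ... ) so the caller's SSH_AUTH_SOCK and
# SSH_AGENT_PID (your real agent, if any) are never modified.
agent_demo() (
    lifetime="${1:-3600}"            # seconds before the agent forgets the key
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    dir=$(mktemp -d) || exit 1
    # On any exit: stop the demo agent (if started) and delete the temp files.
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT

    # Constructed demo key. It has an empty passphrase only so the demo runs
    # unattended; with a real key, ssh-add prompts for the passphrase.
    ssh-keygen -q -t ed25519 -N '' -C 'agent-demo' -f "$dir/demo_key" || exit 1

    # Same idea as `eval $(ssh-agent)`, but bound to a socket in the temp dir.
    eval "$(ssh-agent -s -a "$dir/agent.sock")" >/dev/null || exit 1

    # Cache the key, and have the agent drop it after $lifetime seconds.
    ssh-add -t "$lifetime" "$dir/demo_key" >/dev/null 2>&1 || exit 1

    # ssh-add -l lists fingerprints of cached keys; count the demo key.
    loaded=$(ssh-add -l | grep -c 'agent-demo')

    # Remove every cached key before the agent is stopped by the trap.
    ssh-add -D >/dev/null 2>&1

    echo "$loaded"
)
```

Calling agent_demo 60 prints the number of demo keys the agent held while it was running; on a workstation, the same ssh-add -t and ssh-agent -k calls apply to the agent started with eval $(ssh-agent).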