Whether Ssh-add must be added every time

First of all, I have to say that all the mechanisms associated with ssh are complex, easily confusing, if you want to thoroughly grasp the knowledge system, you must learn the relevant knowledge systematically. So first thing, I recommend a book to you, you might as well take the time to put it once and for all:

SSH, the Secure Shell, the first edition of this book has Chinese.

Then say your particular question.

You need to know one thing first:ssh-add This command is not intended to permanently remember the private key you are using. In fact, it only adds the private key you specify to a session managed by Ssh-agent . The ssh-agent is a temporary session service for storing the private key , which means that when you reboot, thessh-agent service is reset.

If it is to permanently remember which private key is, we cannot rely on the ssh-agent service. What you can depend on depends on which of the following scenarios is appropriate for your usage scenario.

Use some kind of secure key management mechanism

You don't describe the operating system you're using in the problem, so I'll take the Mac os X I use every day as an example. The MAC system has a built-in Keychain service and its management program that can help you manage various keys, including SSH keys, conveniently. Ssh-add By default adds the secret key to the currently running ssh-agent service, but you can change the default behavior to add it to the Keychain service and let the MAC help you remember, Manage and guarantee the security of these keys.

All you have to do is execute the following command:

Ssh-add-K [Path/to/your/ssh-key]

Later, when the other program requests the SSH key, it is requested by the Keychain service. In the following you can see my current machine Keychain for me to manage the SSH key, which includes my own generated four, as well as the Github Client App to use one of their own-the former are used for SSH-related commands, and the latter indicates that only for Github.app is used by this application. In addition, they are login keychains that is only the current user login will not take effect, change the user or not logged in state is not available, this is what the Keychain service to help you do.

How do I use multiple SSH keys and correspond to different applications?

This problem is also I am not completely thoroughly understand, according to some data description, after doing the above work, the application should be able to automatically match the applicable SSH key. But in the course of my study also encountered the need to manually specify the situation (at that time I do not understand the role of Keychain, are manual to ssh-add ), so another mechanism can help you solve this problem, that is, ssh config.

In a nutshell,ssh config is a configuration file that describes the different keys corresponding to the settings-including host name, user name, access policy, and so on.

Below I intercepted two fragments of the local configuration:

These two configurations correspond to the keys used by both Github and Coding services. The first row of the Host is just a name, the third row of the Hostname is the corresponding real address, but the two best consistent, so do not have to convert in the head.

With this configuration, when I git clone Https://github.com/user/repo, the Id_rsa key will be used, and when I git clone Https://coding.net/user/repo, it's clear The Nightire secret key will be used.

Of course, this configuration is not limited to Git, and all applications and commands that use SSH at the bottom will follow the instructions in the configuration file to find the corresponding private key.

Back to the beginning of this section of the topic, I believe that with Keychain do not need this configuration file management, but I have not had the opportunity to do the test. The current environment is all right, I'll try it when I change the new machine to reconfigure the environment.

As for the correspondence between Host and Hostname, it is best to be consistent if the Hostname is a domain name. But here are two tips:
1. What if there are two different configurations under the same domain name?
Take Github For example, if I have two accounts, one personal, one organized, and want to use different keys, then I can write:

Here, behind Host, is Github's two usernames, Github.com/nightire and Github.com/very-geek .
2. If the domain name is a digital IP, can it be simplified?
Host can help you turn the corresponding IP into a good-to-remember name. For example, if I have a Git Server (based on gitolite or Gitlab or any tool) inside the company, the normal access address is: git://xxx.xxx.xxx.xxx: Repo.git, the following configuration can help you simplify it to: git.visionet:repo.git

Very useful.

Is there a simple way?

Yes. If Ssh-add is already able to meet your requirements (in addition to starting over again), you can automate this with scripting. Simply write the contents of the ssh-add command you entered into the. bashrc or. Bash_profile (or any other shell environment profile you use) so that you do this automatically as soon as you open the terminal.

However, as I said before, this mechanism relies on ssh-agent services and can only be used under the terminal. With the Keychain mechanism, it is effective throughout the system (including applications that do not rely on the terminal) and does not require the ssh-agent service to be opened.

Finally Keychain service is not only the mac, I just searched, Windows and various Linux have a corresponding mechanism, but I did not use, can only take the Mac as an example. Understand these concepts, I believe you can find out the specific method.

Whether Ssh-add must be added every time