OpenSSH: the things you don't know

Source: Internet
Author: User
Tags ssh server

A few days ago at the company I saw someone using "ssh-agent /bin/bash -c 'ssh-add ~/.ssh/identity; git pull sth'" to pull an app from GitLab. It was the first time I had seen this kind of usage, and it felt very high-end! (In fact, I was just ignorant.) So, out of curiosity, I turned to man to educate myself (a bit of showing off here; the result was that I understood nothing, the showing off really failed, and I might as well have gone straight to Baidu), and found two quite detailed introductory articles.

http://www.ibm.com/developerworks/cn/linux/security/openssh/part1/index.html

http://www.ibm.com/developerworks/cn/linux/security/openssh/part2/

Here is a brief introduction to the two commands:

1) ssh-agent

ssh-agent is a daemon that holds, on the client side, the locally generated private keys used for RSA/DSA SSH authentication. When you generate a public/private key pair locally with "ssh-keygen -t dsa", you are prompted for a passphrase for the private key file (the default is ~/.ssh/id_rsa). You can choose not to enter one, but then anyone who gets hold of your private key file can log in to your SSH server without a password, so that is a security risk. Suppose you enter a long passphrase. From then on you are asked for that passphrase every time you use SSH to connect to a remote host. So here is the problem: the reason we use RSA/DSA authentication is usually to avoid interactive authentication, and after going around in such a big circle we are back where we started. Don't worry, ssh-agent exists to solve exactly this problem. It caches your decrypted private key locally. When you make a remote SSH connection, ssh first checks whether the private key is in the ssh-agent cache; if it is, the key is used directly and no interactive passphrase entry is needed.

2) ssh-add

ssh-add adds your decrypted private key to ssh-agent. Because the private key has to be decrypted, you must enter the passphrase when you run the command, but once you have entered it you do not need to run the command again. This is what is called "enter once, use many times".

The following are examples of use:

    eval `ssh-agent`

    ssh-add [path to private key]   # by default looks for ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/identity

Points to note:

The ssh-agent command only takes effect in the current terminal, which means that every time you open a new terminal you have to repeat the two steps above. That is also quite painful; for the solution, see the second link above.

"ssh-agent [command]" starts ssh-agent so that command is executed as a child of ssh-agent, and when command finishes, the ssh-agent socket is automatically closed as well. This suits clients that communicate over the SSH protocol, such as the git command above.
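The two ways of starting the agent described above, side by side, as an added example that is not part of the original article. It assumes the OpenSSH client tools are installed; the throwaway passphrase-less key, the 60-second key lifetime and the function name agent_scope_demo are choices made for this demo.

```shell
#!/bin/sh
# Added example (not from the original article). Uses a throwaway key with an
# empty passphrase, generated in a temp dir, so it runs unattended.

agent_scope_demo() (
    # Runs in a subshell, so no agent variables leak into the caller.
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    dir=$(mktemp -d) || exit 1
    key=$dir/demo_key
    ssh-keygen -q -t ed25519 -N '' -f "$key" || { rm -rf "$dir"; exit 1; }

    # Style 1: ssh-agent [command]. Only the child command can reach the agent.
    child_keys=$(ssh-agent sh -c 'ssh-add "$1" 2>/dev/null; ssh-add -l | grep -c .' sh "$key")
    caller_sock=${SSH_AUTH_SOCK:-unset}   # the calling shell never saw a socket

    # Style 2: eval `ssh-agent`. The variables now live in this shell only.
    eval "$(ssh-agent -s)" >/dev/null
    ssh-add -t 60 "$key" 2>/dev/null      # -t: the agent forgets the key after 60 s
    session_keys=$(ssh-add -l | grep -c .)

    # A "new terminal" starts without those variables: exit status 2 from
    # ssh-add means it could not contact any agent.
    new_shell=$(env -i PATH="$PATH" sh -c 'ssh-add -l >/dev/null 2>&1; echo $?')

    ssh-agent -k >/dev/null               # stop the session agent we started
    rm -rf "$dir"
    echo "child_keys=$child_keys caller_sock=$caller_sock session_keys=$session_keys new_shell=$new_shell"
)

if command -v ssh-agent >/dev/null 2>&1; then
    agent_scope_demo
else
    echo "OpenSSH client tools not found" >&2
fi
```

With a session-wide agent the decrypted key stays usable by anything that can reach the socket until it is removed, which is why the demo gives it a lifetime with -t and stops the agent with -k when done.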

