Use ssh-agent

Source: Internet
Author: User
ssh-agent is a program that holds the private keys used for public key authentication. It is started at the beginning of the X session or login session, and all other windows or programs are started as clients of the ssh-agent program. Through environment variables, these programs can locate the agent and use it to authenticate automatically when logging on to another machine over ssh.

In fact, ssh-agent is a key manager. After running ssh-agent, use ssh-add to hand the private key to ssh-agent for safekeeping; when other programs need to authenticate, they pass the authentication request to ssh-agent, which completes the authentication process. With ssh-agent you can easily roam between hosts. Suppose we have three servers at hand, host1, host2 and host3, and the public key of this machine (supersun.biz) is saved on each server, so I can log on to each host through public key authentication:

root@supersun.biz ~ # ssh host1
Last login: Thu Oct 18 13:56:08 2007 from supersun
[root@host1 root]#

root@supersun.biz ~ # ssh host2
Last login: Fri Oct 12 11:14:44 2007 from supersun
[root@host2 root]#

root@supersun.biz ~ # ssh host3
Last login: Sat Sep 29 10:21:32 2007 from supersun
[root@host3 root]#

However, these three servers do not have their own public keys installed on one another, and I cannot store my private key on the servers (that would be insecure), so they have no public key with which to authenticate to each other. Password authentication is supported, but it is slow, passwords are often lost, and too many passwords are easy to forget. If we enable ssh-agent, the problem can be solved.

Enable ssh-agent:

root@supersun.biz ~ # eval `ssh-agent`
Agent pid 3526

Add private key:

root@supersun.biz ~ # ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

Edit the /etc/ssh/ssh_config file:

ForwardAgent yes

This makes ssh forward the agent connection so that you can log on along the chain supersun.biz ----> host1 ----> host2. Note that if forwarding is not set on host1, you will not be able to log on to host3. After forwarding is set, you can jump to host3.

root@supersun.biz ~ # ssh host1
Last login: Thu Oct 18 16:21:29 2007 from supersun
[root@host1 root]# vi /etc/ssh/ssh_config
[root@host1 root]# ssh host2
Last login: Thu Oct 18 16:20:28 2007 from supersun
[root@host2 root]# ssh host3
Last login: Thu Oct 18 16:10:39 2007 from supersun
[root@host3 root]#
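
A check for the ForwardAgent setting used above, as an added example that is not part of the original article: with ForwardAgent yes set globally, the agent is forwarded to every host you connect to, and anyone with root on such a host can use the forwarded agent socket to authenticate with your keys while you are connected. The function name audit_forward_agent and the BROAD/SCOPED labels are made up for this example, and the sample config is constructed.

```shell
#!/bin/sh
# audit_forward_agent FILE  (hypothetical helper, not from the article)
# Prints one line per "ForwardAgent yes" found in an ssh_config-style file:
#   BROAD  <line> <scope>   set globally, under a wildcard Host, or under Match
#   SCOPED <line> <scope>   limited to explicitly named hosts
# Returns 1 if any BROAD entry exists. Include files are not followed.
audit_forward_agent() {
    awk '
    BEGIN { scope = "(global)"; broad = 1 }   # before any Host line = global
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next   # blank line or comment
        n = match(line, /[ \t=]+/)            # "key value" or "key=value"
        if (n == 0) next
        key = tolower(substr(line, 1, n - 1)) # keywords are case-insensitive
        val = substr(line, n + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host")  { scope = "Host " val; broad = (val ~ /[*?]/); next }
        if (key == "match") { scope = "Match " val; broad = 1; next }
        if (key == "forwardagent" && tolower(val) == "yes") {
            printf "%s %d %s\n", (broad ? "BROAD" : "SCOPED"), NR, scope
            if (broad) bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the global setting next to a per-host one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ForwardAgent yes
Host host1
    ForwardAgent yes
EOF
audit_forward_agent "$sample" || echo "agent forwarding is enabled too broadly"
rm -f "$sample"
```

Run it against /etc/ssh/ssh_config and ~/.ssh/config on each hop. For multi-hop logins, ssh -J (ProxyJump) reaches host3 through host1 and host2 without exposing the agent socket on the intermediate hosts.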

That is basically it. One small problem remains: you do not want to run ssh-agent by hand every time. The most time-saving method is to put it in the profile.

In order not to clutter the profile itself, I create an ssh-agent.sh file under /etc/profile.d:

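root@supersun.biz ~ # cat /etc/profile.d/ssh-agent.sh
#!/bin/sh

# Reuse the agent recorded in ~/.agent.env if it is still running.
if [ -f ~/.agent.env ]; then
    # Load SSH_AUTH_SOCK and SSH_AGENT_PID saved by an earlier login.
    . ~/.agent.env > /dev/null
    # kill -0 only tests whether the recorded agent process still exists.
    if ! kill -0 "$SSH_AGENT_PID" > /dev/null 2>&1; then
        echo "Stale agent file found. Spawning new agent..."
        eval "$(ssh-agent | tee ~/.agent.env)"
        ssh-add
    fi
else
    # No saved environment: start a new agent and record its settings.
    echo "Starting ssh-agent..."
    eval "$(ssh-agent | tee ~/.agent.env)"
    ssh-add
fi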

This does not spawn a pile of ssh-agent processes, and it also works in a GUI environment. When I open a terminal:

Stale agent file found. Spawning new agent...
Agent pid 2543
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
root@supersun.biz ~ #

Added a new key.
