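Using ssh-agent to manage private key passphrases automatically

I recently reinstalled my work PC with the Ubuntu 12.04 desktop environment. Our remote servers all use public key authentication, and when I open a terminal in Ubuntu and log in with ssh, I have to enter the private key's passphrase every time, which is tedious. On the Mac there is an application called Keychain that works well and remembers keys and passphrases automatically. What about Ubuntu? After a bit of googling, I found that ssh-agent solves this problem.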

from man ssh-agent:

ssh-agent is a program to hold private keys used for public key authentication (RSA,DSA).
The idea is that ssh-agent is started in the beginning of an X-session or a login session,
and all other windows or programs are started as clients to the ssh-agent program.
Through use of environment variables the agent can be located and
automatically used for authentication when logging in to other machines using ssh(1).

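Its purpose is described clearly: it holds private key information for use in public key authentication. Through environment variables, the ssh command can use ssh-agent automatically.

Continuing with the man page: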

The agent initially does not have any private keys. Keys are added using ssh-add(1).
When executed without arguments, ssh-add(1) adds the files ~/.ssh/id_rsa,
~/.ssh/id_dsa and ~/.ssh/identity. If the identity has a passphrase, ssh-add(1) asks
for the passphrase on the terminal if it has one or from a small X11 program if running under X11.
If neither of these is the case then the authentication will fail.
It then sends the identity to the agent. Several identities can be stored in the agent;
the agent can automatically use any of these identities.
ssh-add -l displays the identities currently held by the agent.

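Running ssh-add automatically adds the three private keys ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. If a key has a passphrase, you are asked to enter it once, and the agent keeps it from then on. After that, ssh logins no longer ask for the private key's passphrase. ssh-add -l shows which private keys are held.

Just like that: I ran ssh-add once, and the next time I logged in to a server, a single ssh got me in, as convenient as on the Mac.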
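
The check below is an added example, not part of the original post: it uses the exit status of ssh-add -l to tell a missing agent from an empty one, starts an agent only when none is reachable through the environment variables, and adds the default keys with a lifetime. The function names and the 8-hour default are assumptions chosen for illustration.

```shell
# Constructed helper functions (hypothetical names); source this file from
# ~/.bashrc or ~/.profile so the agent variables land in your login shell.

# Map the exit status of `ssh-add -l` to a state name:
#   0 = agent reachable and holding at least one identity
#   1 = agent reachable but holding no identities
#   2 = agent not reachable (SSH_AUTH_SOCK unset or pointing at a dead socket)
agent_state_from_status() {
    case "$1" in
        0) echo loaded ;;
        1) echo empty ;;
        2) echo unreachable ;;
        *) echo unknown ;;      # e.g. 127: ssh-add is not installed
    esac
}

# Ask the agent what it holds without printing the key list.
agent_state() {
    _as_rc=0
    ssh-add -l >/dev/null 2>&1 || _as_rc=$?
    agent_state_from_status "$_as_rc"
}

# Start an agent only if none is reachable, then add the default keys with a
# lifetime so the agent drops them again (assumed default: 8 hours).
ensure_key_loaded() {
    _ekl_lifetime="${1:-8h}"
    case "$(agent_state)" in
        loaded)      return 0 ;;
        empty)       ;;
        unreachable) eval "$(ssh-agent -s)" >/dev/null ;;
        *)           echo "ssh-add is not usable here" >&2; return 1 ;;
    esac
    ssh-add -t "$_ekl_lifetime"
}
```

Calling ensure_key_loaded 1h shortens the window during which the unlocked keys stay in the agent; ssh-add -D removes them immediately.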
