Hands cramped from typing your ssh password?
2007-12-02 / 18:01 / dave
I was thinking about the tools I use for messing around with this blog (more on that later) and realized that setting up ssh-agent might be the biggest efficiency boost ever (besides installing cygwin, learning emacs key bindings, tweaking the hell out of Firefox, installing launchy…)
Basically, follow the “Getting Started” section of HOWTO: set up ssh keys (Paul Keck’s article from 2001!).
You’ve now got keys made and deployed to your remote servers. But typing ssh-agent sh -c 'ssh-add < /dev/null && bash' each time sucks. I'm sure you could alter your shell startup to automatically start ssh-agent, but that would allow any shell open access to your remote machines. Not good, especially since my job sometime involves delicate information.
Instead, I added these lines to my .bashrc file:
# Shortcuts to start a bash shell w/ ssh-agent initialized #alias bash-ssh="ssh-agent sh -c 'ssh-add < /dev/null && bash -li'" # NOTE: to get --init-file to work couldn't use -li alias bash-ssh="ssh-agent sh -c 'ssh-add < /dev/null && bash --init-file $HOME/.bashrc_ssh'" # Shortcuts to lock & unlock ssh-agent (good if always on) alias ssh-lock='ssh-add -x' alias ssh-unlock='ssh-add -X'
Note that I commented out the original ssh-agent call and replaced it with a slightly different one. The new one drops the -li switches and instead calls a special initialization file, .bashrc_ssh
# .bashrc_ssh: special bash shell when running in SSH mode
# invoked w/ "bash-ssh" (defined as alias in ~/.bashrc
# source the system wide bashrc if it exists
if [ -e /etc/profile ] ; then
source /etc/profile
fi
# source the system wide bashrc if it exists
if [ -e /etc/bash.bashrc ] ; then
source /etc/bash.bashrc
fi
# source the regular bash
if [ -e "${HOME}/.bashrc" ] ; then
source "${HOME}/.bashrc"
fi
# Modify prompt to reflect ssh mode
PS1=$PS1'[ssh] '
Now our prompt is modified to remind us that we're running in convenient-but-insecure mode.
More information on ssh-agent via SecurityFocus
[...] on top? It works just fine with ssh-agent. So as long as I start XEmacs from a bash-ssh it’s a password-less [...]
[...] launch my ssh enabled shell on demand, but if you are comfortable leaving it open (or using ssh-add -x to manually lock your ssh keys) [...]