On Wed, 12 Apr 2000, Jens B. Jorgensen wrote:
>That's what ssh-agent is for. You run ssh-agent and it will output an
>environment variable for a unix domain socket. Then you run ssh-add and
>type in your passphrase.
>The ssh-agent caches your key and access is limited to your user
>(permissions on the unix socket). This is not secure enough for some of
>course.

Thanks Ben and Jens for your advice on this issue.

I have now got ssh-agent working with support for X and non-X logins
(/etc/profile checks whether $DISPLAY is set to determine which alias to
set up for ssh-add).

Now I have a problem though, sometimes a session gets killed without the
.logout running and the ssh-agent keeps running. This is a problem as the
machine in question could potentially be accessed by an untrusted person
and the ssh-agent contains the root password.

What I would like to do is have the ssh-agent time out after some time of
inactivity and/or a specified period of time. Another thing I would like
to do is have a password get removed from the ssh-agent after a period of
time.

Has anyone worked on any of these issues? Does anyone have any code that
may help?

If no-one else has done any of this then I intend to write some support
for this myself.

Russell Coker

>Russell Coker wrote:
>
>> Is it possible to have the ssh client read the pass-phrase for an authorised
>> key from an environment variable?
>>
>> What I want to do is:
>> export PASS=`ssh-askpass`
>> for n in $MACHINES ; do
>>   ssh $n command
>> done
>> unset PASS
>>
>> Or something similar. Basically I want to login to 30 machines and run some
>> command but without having to enter my pass-phrase 30 times. I know I could
>> use expect (and will if no-one has a better suggestion). But I'm sure there
>> is a better way (why else would ssh-askpass exist?).

--
My current location - X marks the spot.
X X X
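
An added example, not part of the original message: one way to bound how long a key stays in the agent and to kill the agent when the session ends, assuming a current OpenSSH whose ssh-agent and ssh-add accept the -t lifetime option. KEY_LIFETIME, run_with_agent and run_on_hosts are names chosen for this sketch.

```shell
#!/bin/sh
# Added example; assumes OpenSSH ssh-agent/ssh-add with the -t option.
# KEY_LIFETIME, run_with_agent and run_on_hosts are hypothetical names.

KEY_LIFETIME="${KEY_LIFETIME:-900}"   # seconds a loaded key stays usable

# Start a private agent, run the given command with it, then kill the agent.
run_with_agent() {
    (
        # -s prints Bourne-shell assignments for SSH_AUTH_SOCK and
        # SSH_AGENT_PID; -t sets the default lifetime of every added key.
        out=$(ssh-agent -s -t "$KEY_LIFETIME") || exit 1
        eval "$out" >/dev/null

        # Kill the agent on normal exit and on hangup/interrupt/terminate,
        # which covers a session that dies without running .logout.
        trap 'ssh-agent -k >/dev/null 2>&1' EXIT
        trap 'exit 129' HUP
        trap 'exit 130' INT
        trap 'exit 143' TERM

        # SIGKILL cannot be trapped: the agent then keeps running, but the
        # -t lifetime above still removes the key once it expires.
        "$@"
    )
}

# Load the key once (one passphrase prompt), then visit every host.
run_on_hosts() {
    cmd=$1
    shift
    ssh-add -t "$KEY_LIFETIME" || return 1   # per-key lifetime, same option
    for n in "$@"; do
        ssh "$n" "$cmd"
    done
}

# Usage (hosts taken from $MACHINES as in the quoted loop):
#   run_with_agent run_on_hosts 'uptime' $MACHINES
```

The agent started here is private to the subshell, so nothing is left in the login environment for a later session to inherit.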