Use Of Ssh Agents - Fujitsu Siemens Computers SX series User Manual

Sx150 business server

Remote operation via PC
There is no way you can recover a lost pass phrase. If you have lost one, a new key pair
must be generated and its public key must be distributed to the communications partners.

6.4.2 Use of SSH agents

In an initialization run for SSH the key pairs are generated, stored in the local files, and the
public keys are distributed to the communication partners. At the start of an interactive
session or of a script the SSH agent is started by calling the ssh-agent command (see
http://www.openssh.com). The necessary private keys are then transferred to it using
ssh-add. The SSH agent keeps these private keys in memory in encrypted form. It requires
the pass phrases for the decryption process if any have been specified.

From now on until its shutdown the SSH clients contact the SSH agent automatically for all
key-related operations. If a remote connection is to be set up using an ssh call, the local
SSH agent and the remote sshd daemon automatically perform the required authentication
procedure.

If a pass phrase is used it need only be entered once. It is read by ssh-add from the current
terminal if ssh-add was started from the terminal. If ssh-add has no terminal assigned but
the variables DISPLAY and SSH_ASKPASS are set, the program specified by SSH_ASKPASS
is executed and an X11 window is opened to read the pass phrase. This is useful if ssh-add
is called in an .Xsession or in a startup script.
Example
# Generates a 1024-bit RSA key in SSH Version 2 protected by a pass phrase
ssh-keygen -b 1024 -t rsa -C <comment> -N "<pass-phrase>"
# As an argument the path can be specified to a shell or shell script
ssh-agent /bin/csh
# By default loads all keys of the Identity file
ssh-add
The environment variables which point to the socket of the SSH agent must be set so that
the SSH client can communicate with the agent. The ssh-agent program supplies the
information required for this purpose when it returns:
Example
# In SSH Version 1, OpenSSH and Sun_SSH Notation:
SSH_AUTH_SOCK=/tmp/ssh-JGK12327/agent.12327; export SSH_AUTH_SOCK;
SSH_AGENT_PID=12328; export SSH_AGENT_PID;
# In SSH Version 2 Notation:
SSH2_AUTH_SOCK=/tmp/ssh-JGK12327/agent.12327; export SSH2_AUTH_SOCK;
SSH2_AGENT_PID=12328; export SSH2_AGENT_PID;
U41272-J-Z385-3-76
Use of an SSH agent means that it is not necessary to type in the pass phrase
(which is normally long and complex) each time you call the ssh program.
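
The following is an added example, not part of the original manual: a Bourne shell sketch that reads the assignments ssh-agent prints (the format shown above, in either notation), exports only the expected variables after checking their values, and stops the agent when the script ends so the loaded keys do not outlive it. It assumes OpenSSH's ssh-agent -s, ssh-agent -k and ssh-add; the function names parse_agent_output, load_agent_env and run_with_agent are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual). Assumes OpenSSH ssh-agent/ssh-add.

# Read ssh-agent output on stdin and print NAME=value for the expected
# variables only, in either notation shown above (SSH_* or SSH2_*).
parse_agent_output() {
    sed -n 's/^\([A-Z0-9_]*\)=\([^;]*\);.*$/\1 \2/p' |
    while read -r name value; do
        case "$name" in
            SSH_AUTH_SOCK|SSH2_AUTH_SOCK)
                # Socket: absolute path, plain path characters only.
                case "$value" in
                    /*) ;;
                    *) continue ;;
                esac
                case "$value" in
                    *[!A-Za-z0-9_./-]*) continue ;;
                esac ;;
            SSH_AGENT_PID|SSH2_AGENT_PID)
                # PID: digits only.
                case "$value" in
                    ''|*[!0-9]*) continue ;;
                esac ;;
            *) continue ;;
        esac
        printf '%s=%s\n' "$name" "$value"
    done
}

# Export the validated variables from agent output passed as $1.
load_agent_env() {
    vars=$(printf '%s\n' "$1" | parse_agent_output)
    [ -n "$vars" ] || return 1
    for kv in $vars; do        # safe to split: values hold no whitespace
        export "$kv"
    done
}

# Hypothetical wrapper: start an agent, load the default keys (one pass
# phrase prompt), run the given command, stop the agent when the shell exits.
run_with_agent() {
    out=$(ssh-agent -s) || return 1
    load_agent_env "$out" || return 1
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    ssh-add || return 1
    "$@"
}
```

A script would call, for instance, run_with_agent ssh <host> <command>; the pass phrase is read from the terminal or, without one, through SSH_ASKPASS as described above.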
Key management for Secure Shell