ssh-agent: How to use it properly?

Peter Stuge stuge-openssh-unix-dev at cdy.org
Tue Mar 22 13:48:33 EST 2005


On Mon, Mar 21, 2005 at 09:26:33PM +0300, rz1a at nwgsm.ru wrote:
>  The Snail book recommends running the ssh-agent on the remote host
>  always if the TTY is allocated (i.e. I'm not just remote-executing a
>  command there).
> 
>  My feeling is that I need an agent only if I'm on /dev/con, not on
>  /dev/tty, i.e. logged in locally.

Technicalities such as PTY or console aren't as important as whether
you trust the system or not.

As you probably know from the book, the agent will be able to use
your private key. I suggest that you run the agent on a system that
you are comfortable with running it on, keeping that in mind.

The agent mechanism has a great benefit over regular key
authentication, in that the agent connection can be forwarded over
the network if you're always using SSH. A forwarded agent socket will
also mean access to use of the private key. Some like to use -c when
ssh-add:ing their key to the agent, to confirm each use of the key.
That of course requires the agent to run somewhere it can communicate
with you.


//Peter
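
Added example, not part of the original message: since a forwarded agent socket gives the remote system use of the private key, one way to check where forwarding is enabled is to audit an ssh_config file for ForwardAgent settings that apply globally, under a wildcard Host pattern, or inside a Match block. The function names, the audit heuristic and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list ssh_config lines that
# enable agent forwarding for a broad scope instead of one named host.

audit_forward_agent() {
    # $1: path to an ssh_config-style file
    awk '
        BEGIN { label = "global"; risky = 1 }   # settings before any Host line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            # Keywords are case-insensitive; value follows whitespace or "=".
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
        }
        key == "host" {
            scope = substr(line, length(f[1]) + 1)
            sub(/^[ \t=]+/, "", scope)
            label = "Host " scope
            risky = (scope ~ /[*?]/)            # wildcard pattern in the list
            next
        }
        key == "match" { label = line; risky = 1; next }  # review by hand
        # Anything other than "no" forwards an agent (yes, or a socket path).
        key == "forwardagent" && tolower(f[2]) != "no" && risky {
            print NR ": " label ": ForwardAgent " f[2]
        }
    ' "$1"
}

# Constructed sample config; host names are placeholders.
sample_config() {
    cat <<'EOF'
Host bastion.example.org
    ForwardAgent yes
Host *.example.org
    ForwardAgent yes
Host *
    ForwardAgent no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_forward_agent "$tmp"
rm -f "$tmp"
```

The forwarding entry for the single named host is not reported; only the wildcard block is, because it forwards the agent to every system matching the pattern whether or not each one is trusted.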



