Thursday, June 7, 2018

Passing Keys ssh-agent

Recently I had a need to pull a GitHub repo onto a remote server.  When faced with this I would usually just pull using https, for example by running a clone command like this…

 > git clone

Which works just fine for an open repo, but if it’s a private repo you are forced to put in your username and password not only when you clone, but every time you pull or push.

Not much fun.  I would rather pull via ssh and not have to worry about this.

I could copy my private ssh key to the remote box and clone via ssh, but then my private key is on a remote box that I may share with other developers… Bad idea.

Or I could create a new public/private key on the remote box for my user and add the public key to my account on github.  A little better, but still other developers on the box could possibly access my new private key on the box, which would allow them to push/pull as me in github… Again not ideal.

There is another option I ran across, and am now using: use the ssh-agent tool to forward your keys when you ssh to the box [1]


You may want to read this article on some of the dangers of using this command [2]

Long story short: while you are logged into the remote box, other admins on the box (think root access) could utilize your ssh key and pretend to be you.  But I like this reduced risk vs keeping my key or creating a new key on the box.

Using it

Start the ssh-agent

 > eval $(ssh-agent)

Now add your private keys using the ssh-add tool

 > ssh-add ~/.ssh/id_rsa

As a double check run this to list your keys

 > ssh-add -l

There she be :)

Now ssh to a box and use the -A option to enable forwarding of the authentication agent connection to the machine you are ssh’n to.

Here is my example
(Of course replace haproxy with your hostname :) )

 > ssh -A haproxy

As another double check you can run this command on the machine you just logged into via ssh to confirm the agent was forwarded and your key is available there

 > ssh-add -l

Wahoo it worked… Now if I try to run a git clone via ssh…

 > git clone

Done deal :)

That fulfills my needs :)
Now there are lots of other useful things you can do with this, such as using it to ssh to yet another box which contains your public key.
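
Because root on any box you forward to can use your agent while you are logged in, forwarding is best limited to hosts you name explicitly. The following is an added example, not part of the original post: a shell function that checks an OpenSSH client config (for instance ~/.ssh/config) for `ForwardAgent` enabled globally, under a wildcard `Host` pattern, or in a `Match` block. The function names and the sample config are made up for illustration, and `Include` directives are not followed.

```shell
#!/bin/sh
# audit_forward_agent FILE
# Report ForwardAgent settings that apply to more than one named host:
# the global scope (before any Host line), wildcard Host patterns, and
# Match blocks (flagged conservatively for manual review).
audit_forward_agent() {
    awk '
    BEGIN { scope = "(global)"; broad = 1 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next      # blank line or comment
        # Keyword and value are separated by whitespace and/or "="
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host") {
            scope = "Host " val
            broad = (val ~ /[*?]/) ? 1 : 0       # wildcard pattern
        } else if (key == "match") {
            scope = "Match " val
            broad = 1
        } else if (key == "forwardagent" && broad && tolower(val) != "no") {
            printf "%s:%d: %s -> ForwardAgent %s\n", FILENAME, NR, scope, val
        }
    }' "$1"
}

# Constructed sample config for the demo (hostnames other than haproxy are
# made up; haproxy is the example host from the post).
sample_config() {
    cat <<'EOF'
ForwardAgent no
Host haproxy
    ForwardAgent yes
Host *.example.com
    ForwardAgent=yes
Host *
    forwardagent no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_forward_agent "$tmp"
rm -f "$tmp"
```

The single-host block for haproxy is not reported; only the wildcard block is, since it would forward the agent to every matching machine.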


