SSH public key authentication: Difference between revisions
imported>Almino Telling people how to use a different port |
Adding defining and using the ssh-agent Tags: Mobile edit Mobile web edit |
| Line 33: | Line 33: | ||
IdentityFile ~/.ssh/another-machine | IdentityFile ~/.ssh/another-machine | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== SSH agent == | |||
A ssh private key, for which a phrase is defined, can be clumsy if you use it multiple times. It is possible to store the private key identity in a ssh-agent. The ssh-agent uses the ssh private key identity when you issue a ssh command, for instance when using ssh to connect. | |||
To define NixOS to setup a ssh-agent, add this to your configuration: | |||
<syntaxhighlight lang="nix"> | |||
programs.ssh.startAgent = true; | |||
</syntaxhighlight> | |||
NixOS will starta user systemd service with the ssh-agent at login. You can see the service with the command <code>systemctl --user status ssh-agent</code>. | |||
It provides also the environment variable $SSH_AUTH_SOCK which refers to <code>/run/user/1000/ssh-agent</code> , in this case for user id 1000. | |||
If you want to use a ssh key pair for authenticating, you can add this to the ssh-agent using the command ssh-add entering the phrase only once. | |||
<syntaxhighlight lang="console"> | |||
[user@your-machine] $ ssh-add .ssh/id_rsa | |||
Enter passphrase for .ssh/id_rsa: | |||
Identity added: .ssh/id_rsa (myaccounts@mymachine) | |||
</syntaxhighlight> | |||
If you store the ssh public key with the command ssh-copy-id on <code>another-machine</code> as shown above, you can logon without giving a password or phrase. | |||
== SSH server config == | == SSH server config == | ||
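Review bot: the new "SSH agent" section says "phrase" in its opening paragraph, in the ssh-add sentence and in the closing sentence, while the console block it adds shows the prompt "Enter passphrase for .ssh/id_rsa:"; use "passphrase" throughout so the text matches what the user sees. In the sentence after the nix block, "starta user systemd service" is missing a space ("start a user systemd service"). The commands ssh-add and ssh-copy-id and the variable $SSH_AUTH_SOCK are left as plain text while the systemctl command and the socket path are wrapped in <code>; wrapping them the same way would keep the section consistent. The closing sentence ("you can logon without giving a password or phrase") would be more accurate if it said the passphrase is not asked for again once the key has been added with ssh-add, since the section's own example shows it being entered once.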