Mail Archives: cygwin/2002/05/21/11:41:13
> -----Original Message-----
> From: Brian Gallew [mailto:geek AT burri DOT to]
> Sent: Monday, May 20, 2002 8:54 PM
> To: cygwin AT cygwin DOT com
> Subject: ssh-agent
>
>
> I'm trying to use ssh-agent in a useful manner on my laptop. So, my
> desired state is to run the agent as a service. Here's the command
> I'm using to *try* to install it.
> cygrunsrv.exe --install ssh-agent -p /bin/ssh-agent -a "-d"
>
> Sadly, the service fails to start. Any ideas?
>
> If it matters, I updated my cygwin install at 0900 EST today and I'm
> running it on top of XP.
>
You might want to look at the tool 'keychain'. In the setup.exe
Category window, it's in the 'Utils' group. Here's what it displays
when you enter: $ keychain --help
KeyChain 1.8; http://www.gentoo.org/projects/keychain
Copyright 2001 Gentoo Technologies, Inc.; Distributed under the GPL

Usage: /usr/bin/keychain [ options ] sshkey ...

Description:

Keychain is an OpenSSH key manager, typically run from ~/.bash_profile. When
run, it will make sure ssh-agent is running; if not, it will start ssh-agent.
It will redirect ssh-agent's output to ~/.ssh-agent-[hostname], so that cron
jobs that need to use ssh-agent keys can simply source this file and make the
necessary passwordless ssh connections. In addition, when keychain runs, it
will check with ssh-agent and make sure that the ssh RSA/DSA keys that you
specified on the keychain command line have actually been added to ssh-agent.
If not, you are prompted for the appropriate passphrases so that they can be
added by keychain.

Typically, one uses keychain by adding the following to the top of their
~/.bash_profile (or ~/.zlogin, in case of zsh):

    keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
    . ~/.ssh-agent-${HOSTNAME}
    # alt. syntax: . ~/.ssh-agent-`uname -n`
    # note the use of back-quotes (`) rather than single-quotes (') above.
    # We now append the hostname (`uname -n`) to the .ssh-agent filename
    # for NFS-compatibility.

You can make keychain work with your csh-compatible shell by adding the
following to your .cshrc:

    keychain ~/.ssh/id_rsa ~/.ssh/id_dsa
    source ~/.ssh-agent-csh-${HOSTNAME}

Keychain allows all your apps and cron jobs to use a single ssh-agent process
as an authentication agent. By default, the ssh-agent started by keychain is
long-running and will continue to run, even after you have logged out from the
system. If you'd like to tighten up security a bit, take a look at the
--clear option, described below.

Options:

--local
    Prevents keychain from appending the hostname to any of the files. This
    makes life simpler in a non NFS world.

--clear
    Tells keychain to delete all of ssh-agent's host keys. Typically, This is
    used in the ~/.bash_profile. The theory behind this is that keychain should
    assume that you are an intruder until proven otherwise. However, while this
    option increases security, it still allows your cron jobs to use your
    ssh keys when you're logged out.

--noask
    This option tells keychain do everything it normally does (ensure
    ssh-agent is running, set up the ~/.ssh-agent-[hostname] file) except that
    it will not prompt you to add any of the keys you specified if they haven't
    yet been added to ssh-agent.

--nocolor
    This option disables color highlighting for non vt-100-compatible terms.

--stop | -k
    This option tells keychain to stop all running ssh-agent processes, and
    then exit.

--quiet | -q
    This option tells keychain to turn off verbose mode and only print error
    messages and interactive messages. This is useful for login scripts etc.
=============
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
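
The help text above has cron jobs source ~/.ssh-agent-[hostname] directly. As an added example (not part of the original message and not keychain's own code), the functions below let a cron script read the agent settings from that file without executing it, and only when the file passes ownership and permission checks. The function names are hypothetical, and the file is assumed to hold ssh-agent's Bourne-shell output ("NAME=value; export NAME;" lines).

```sh
#!/bin/sh
# Added example: load ssh-agent settings from a keychain-style file
# without running the file as shell code.
#
# Assumed file content (constructed sample of ssh-agent's sh-style output):
#   SSH_AUTH_SOCK=/tmp/ssh-abc123/agent.4242; export SSH_AUTH_SOCK;
#   SSH_AGENT_PID=4243; export SSH_AGENT_PID;

# agent_file_trusted FILE
# Succeeds only if FILE is a regular file (a symlink is rejected), is owned
# by the current user, and is not writable by group or others.
agent_file_trusted() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# agent_value FILE NAME
# Prints the value assigned to NAME. Only the exact form
# "NAME=value; export NAME;" is accepted, and the value may contain only
# path-safe characters, so shell metacharacters never reach the caller.
agent_value() {
    sed -n "s|^$2=\([A-Za-z0-9_./-]*\); export $2;\$|\1|p" "$1" | head -n 1
}

# load_agent_env FILE
# Exports SSH_AUTH_SOCK and SSH_AGENT_PID taken from FILE.
# Returns 1 if the file fails the trust check, 2 if its content is malformed.
load_agent_env() {
    agent_file_trusted "$1" || return 1
    sock=$(agent_value "$1" SSH_AUTH_SOCK)
    pid=$(agent_value "$1" SSH_AGENT_PID)
    [ -n "$sock" ] || return 2
    case $pid in
        ''|*[!0-9]*) return 2 ;;   # PID must be all digits
    esac
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}
```

In a cron script this would be called as load_agent_env "$HOME/.ssh-agent-$(uname -n)" || exit 1 before any ssh command, so the job stops when the file is untrusted or malformed.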