Comments on: Leopard finally supporting ssh-agent at login http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/ Wed, 28 Jul 2010 05:48:21 +0200 http://wordpress.org/?v=2.9.2 hourly 1 By: Oliver http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-64183 Oliver Sun, 23 Nov 2008 17:55:17 +0000 http://ormset.no/wordpress/?p=178#comment-64183 I recently migrated my entire account/home directory to a new computer and can't get the password to be stored any longer Quoting from above: "Your .pub must be present in the remote accounts $HOME/.ssh/authorized_keys file" I don't see this file. My .ssh directory only contains the following: laptop~/.ssh>ls id_rsa id_rsa.pub known_hosts When I type the equivalent of the above command: ssh -i lolcats lolcat@hostname.tld for my server, the dialogue box doesn't pop up, and I'm forced to type in the password each time I use ssh. Everything worked fine on my old macbook. Help would be greatly appreciated! I recently migrated my entire account/home directory to a new computer and can’t get the password to be stored any longer

Quoting from above: “Your .pub must be present in the remote accounts $HOME/.ssh/authorized_keys file”

I don’t see this file. My .ssh directory only contains the following:

laptop~/.ssh>ls
id_rsa id_rsa.pub known_hosts

When I type the equivalent of the above command:
ssh -i lolcats lolcat@hostname.tld

for my server, the dialogue box doesn’t pop up, and I’m forced to type in the password each time I use ssh.

Everything worked fine on my old macbook.

Help would be greatly appreciated!

]]> By: Darcy http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-52108 Darcy Fri, 25 Apr 2008 20:42:15 +0000 http://ormset.no/wordpress/?p=178#comment-52108 Big thanks for this post. Big thanks for this post.

]]> By: davide http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-49966 davide Fri, 21 Mar 2008 10:16:51 +0000 http://ormset.no/wordpress/?p=178#comment-49966 i am missing the first part? is there a "new & standard" way for keypair generation, now that the agent is included in leopard? i am missing the first part?
is there a “new & standard” way for keypair generation, now that the agent is included in leopard?

]]> By: Luke Redpath http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-48328 Luke Redpath Tue, 04 Mar 2008 19:37:16 +0000 http://ormset.no/wordpress/?p=178#comment-48328 Here's a gotcha for people who can't get this working. I was struggling to work out why I could not get this working with a new MacBook (which never had SSHKeychain installed). The reason: I use MacPorts and had ended up installing OpenSSH via MacPorts (it was a dependency of some other lib). This resulted in a standard, non-keychain support build of ssh in /opt/local/bin, which happened to be listed in my $PATH first. Only when I ran "which ssh" did I realize what had happened. Here’s a gotcha for people who can’t get this working.

I was struggling to work out why I could not get this working with a new MacBook (which never had SSHKeychain installed).

The reason: I use MacPorts and had ended up installing OpenSSH via MacPorts (it was a dependency of some other lib). This resulted in a standard, non-keychain support build of ssh in /opt/local/bin, which happened to be listed in my $PATH first. Only when I ran “which ssh” did I realize what had happened.

]]> By: Tim B http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-41647 Tim B Fri, 21 Dec 2007 15:05:36 +0000 http://ormset.no/wordpress/?p=178#comment-41647 The known_hosts file isn't the hole it might seem to be as it contains hashes of the hosts you connect to rather than their names. If you have old entries these can be updated: ssh-keygen -H The known_hosts file isn’t the hole it might seem to be as it contains hashes of the hosts you connect to rather than their names. If you have old entries these can be updated:
ssh-keygen -H

]]> By: jumperboy http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-40931 jumperboy Sat, 08 Dec 2007 13:59:48 +0000 http://ormset.no/wordpress/?p=178#comment-40931 Actually, the man pages have been updated, but a bug in the Leopard installer prevents the old ones from being deleted when you upgrade, and you see those instead. I'm surprised this hasn't been addressed in Software Updates, as it seems like a serious bug to me, but you can fix it with a ruby script posted at macosxhints.com: http://forums.macosxhints.com/showthread.php?t=80171&page=3 Naturally, you should back up your man directory, first. Back to topic, I can understand starting ssh-agent when I log in, but why on earth would I want to store my passphrase in the keychain? If someone cracked my login, they would get instant access to any host I connect to with public key authentication, using the known_hosts file as a roadmap. This sounds like a bad practice to me. Actually, the man pages have been updated, but a bug in the Leopard installer prevents the old ones from being deleted when you upgrade, and you see those instead. I’m surprised this hasn’t been addressed in Software Updates, as it seems like a serious bug to me, but you can fix it with a ruby script posted at macosxhints.com:

http://forums.macosxhints.com/showthread.php?t=80171&page=3

Naturally, you should back up your man directory, first.

Back to topic, I can understand starting ssh-agent when I log in, but why on earth would I want to store my passphrase in the keychain? If someone cracked my login, they would get instant access to any host I connect to with public key authentication, using the known_hosts file as a roadmap. This sounds like a bad practice to me.

]]> By: Chris http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-38792 Chris Tue, 06 Nov 2007 06:05:45 +0000 http://ormset.no/wordpress/?p=178#comment-38792 Actually, if you have your private key in ~/.ssh/id_rsa (and probably identity or id_dsa, but I've only tried this with id_rsa) then you can just type: ssh servername If you have a passphrase on your private key, that dialog pops and you can save the passphrase in your keychain. You don't need to have an ~/.ssh/authorized_keys nor do you need to specify the -i option every time you use ssh. The man pages for ssh-add and ssh-agent haven't been updated, but if you type: ssh-add --help you'll notice some new options, like -k "Add all identities stored in your keychain." This is such a nice new feature of Leopard. Thanks for the info on this! -Chris Actually, if you have your private key in ~/.ssh/id_rsa (and probably identity or id_dsa, but I’ve only tried this with id_rsa) then you can just type:

ssh servername

If you have a passphrase on your private key, that dialog pops and you can save the passphrase in your keychain. You don’t need to have an ~/.ssh/authorized_keys nor do you need to specify the -i option every time you use ssh.

The man pages for ssh-add and ssh-agent haven’t been updated, but if you type:

ssh-add –help

you’ll notice some new options, like -k “Add all identities stored in your keychain.”

This is such a nice new feature of Leopard. Thanks for the info on this!

-Chris

]]> By: Matt Foster http://ormset.no/wordpress/2007/10/28/leopard-finally-supporting-ssh-agent-at-login/comment-page-1/#comment-38738 Matt Foster Mon, 05 Nov 2007 13:39:12 +0000 http://ormset.no/wordpress/?p=178#comment-38738 You can specify a default identity file to use in your .ssh/config. I think something like: IdentityFile ~/.ssh/ Ought to do it. There's more info in man ssh_config Thanks for the useful info! Matt You can specify a default identity file to use in your .ssh/config.

I think something like:
IdentityFile ~/.ssh/
Ought to do it.

There’s more info in man ssh_config

Thanks for the useful info!

Matt

]]>