Managing Multiple SSH Identities - Best Practices?

Kurt Granroth kurt+plug-discuss at granroth.com
Wed Jan 5 10:48:21 MST 2011


On 01/04/2011 11:39 PM, Patrick Callahan wrote:
> I recently started playing with a "free" (for one year) trial of Amazon
> EC2. One of the things it had me do is create a new RSA priv/pub
> key-pair for use with SSH on the new server instance. Previously, I
> hadn't really messed with managing multiple identities on SSH (I just
> added the id_rsa.pub file from each of my machines to the
> authorized_keys files of my couple of toy servers). But no more.
> 
> So anyway, knowing vaguely what ssh-agent was, I played with it and
> currently I've added "ssh-add <identityfile> &>/dev/null" lines to
> ~/.profile, which works. But is there a more correct/better way to do
> this? Is ssh-agent practically any better than adding an Identity option
> to a corresponding server in ~/.ssh/config for my purposes?

ssh-agent gives you two primary benefits:

1. It allows you to set your SSH pass phrase only once up front (or
whatever your timeout is set to) without having to type it for every SSH
session
2. Your SSH credentials "follow" you when ssh'ing from the remote server
to another one

If your SSH key doesn't have a pass phrase associated with it or you
won't be using the EC2 instance as a jumping off point, then ssh-agent
doesn't do a lot for you.  Updating ~/.ssh/config makes more sense in
that case.
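
The ~/.ssh/config approach discussed in this thread, as an added example that is not part of the original post. Host aliases, host names, user names and key file names are hypothetical; the option the question calls "Identity" is spelled IdentityFile in ssh_config.

```sshconfig
# Added example; every alias, host name, user and key path here is hypothetical.
# ssh uses the first value it finds for each option, so specific hosts
# come first and the catch-all "Host *" block goes last.

# EC2 instance: use the key pair generated for it and nothing else.
Host ec2-trial
    HostName ec2-host.example.com
    User ec2-user
    IdentityFile ~/.ssh/ec2-trial.pem
    # Offer only the key named above, not every key the agent holds.
    IdentitiesOnly yes

# Toy servers: keep using this machine's default key.
Host toy1 toy2
    HostName %h.example.com
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

# A host used as a jumping-off point: the one place where the agent's
# credentials should "follow" the session, so forwarding is enabled here only.
Host jump
    HostName jump.example.com
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes

# Default for everything else: never forward the agent.
Host *
    ForwardAgent no
```

With this in place, `ssh ec2-trial` selects the EC2 key without any ssh-add lines in ~/.profile, and `ssh -G ec2-trial` prints the options ssh resolved for that alias. If the keys do have pass phrases, `ssh-add -t <seconds> <identityfile>` loads one into the agent with a lifetime.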

