Monday, June 05, 2006
Mac - Setting up SSH agent authentication
As far as I can tell, there are three main ways to use ssh-agent with your Mac.
- Use the "SSH Agent" cocoa app
- Write your own script to run a single ssh-agent on a known socket
- Use gentoo linux's "keychain" app (available in darwinports)
Alternately, you can write your own script to start up a single instance of your ssh-agent in your .bashrc, use a known socket, and set up Mac environment variables for the three SSH_* environment variables. Mac environment variables can be set up as described here http://wiki.lyx.org/Mac/Environment, and you can use the following in your environment.plist (change emmby to your username):
<dict>
...
<key>SSH_AUTH_SOCK</key>
<string>/tmp/emmby-sshagent/SSHAuthSock</string>
...
</dict>
Finally, this tip using gentoo keychain seems to work quite well for me: http://www.macosxhints.com/article.php?story=20011128174701140
The keychain utility is available from darwin ports: just "port install keychain"
If you "man keychain" you'll get more information about how to use it. As per the manpage, I did the following in my .profile (adding the -q quiet option):
# Set up ssh-agent using keychain
host=`uname -n`
keychain -q ~/.ssh/identity ~/.ssh/id_dsa
[ -f "$HOME/.keychain/$host-sh" ] && . "$HOME/.keychain/$host-sh"
Note that the advantage of using the "SSH Agent" cocoa-based app is that it will use your Mac Keychain to authenticate you so you will never need to type your ssh passphrase. Another advantage is that if you have any non-Terminal applications that can benefit from ssh-agent authentication (I can't think of any right now), they will authenticate you seamlessly using "SSH Agent" but not using gentoo keychain.
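For the second option above (your own script running a single ssh-agent on a known socket), the following is an added example, not code from the original post. It checks that the socket directory under /tmp is a real directory, owned by you and mode 0700 before binding or reusing an agent there. The function names and the agent.env cache file are assumptions; the directory layout follows the post's /tmp/emmby-sshagent/SSHAuthSock path.

```shell
# Added example. Assumed layout follows the post: /tmp/<user>-sshagent/SSHAuthSock.
AGENT_DIR="${AGENT_DIR:-/tmp/$(id -un)-sshagent}"
AGENT_SOCK="$AGENT_DIR/SSHAuthSock"
AGENT_ENV="$AGENT_DIR/agent.env"   # hypothetical file caching the agent's output

# /tmp is world-writable, so another local user can pre-create this name.
# Accept the directory only if it is a real directory, ours, and mode 0700.
secure_agent_dir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "refusing $dir: symlink" >&2; return 1
    fi
    if [ ! -d "$dir" ]; then
        (umask 077; mkdir "$dir") || return 1
    fi
    [ -O "$dir" ] || { echo "refusing $dir: not owned by you" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$dir" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "refusing $dir: mode too open" >&2; return 1; }
}

# ssh-add -l exits 0 (keys listed) or 1 (no keys) when an agent answers,
# and 2 when it cannot reach one.
agent_alive() {
    [ -S "$1" ] || return 1
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Start one agent bound to the known socket, or reuse the one already there.
ensure_agent() {
    secure_agent_dir "$AGENT_DIR" || return 1
    if ! agent_alive "$AGENT_SOCK"; then
        rm -f "$AGENT_SOCK"                      # stale socket from a dead agent
        (umask 077; ssh-agent -s -a "$AGENT_SOCK" > "$AGENT_ENV") || return 1
    fi
    [ -f "$AGENT_ENV" ] && . "$AGENT_ENV" >/dev/null   # sets SSH_AGENT_PID too
    export SSH_AUTH_SOCK="$AGENT_SOCK"
}

# In ~/.bashrc, after these definitions: ensure_agent
```

With AGENT_DIR left at its default, the exported socket path is the same one the environment.plist entry above points to for your username.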