
Monday, June 05, 2006

Mac - Setting up SSH agent authentication 

As far as I can tell, there are three main ways to use ssh-agent with your Mac.
  1. Use the "SSH Agent" cocoa app
  2. Write your own script to run a single ssh-agent on a known socket
  3. Use gentoo linux's "keychain" app (available in darwinports)
The first option is to use the Mac SSH Agent from http://www.phil.uu.nl/~xges/ssh/, which works fine but takes up some space on your dock and also consumes a somewhat non-trivial amount of memory. It actually works pretty well. My biggest beef with it is that I always end up accidentally clicking on it in the dock and I have to wait while it brings some 600+ megs of itself into memory. Under normal usage only about 11 megs stay resident.

Alternately, you can write your own script to start up a single instance of ssh-agent in your .bashrc, use a known socket, and set up Mac environment variables for the three SSH_* environment variables. Mac environment variables can be set up as described here http://wiki.lyx.org/Mac/Environment, and you can use the following in your environment.plist (change emmby to your username):
<dict>
...
<key>SSH_AUTH_SOCK</key>
<string>/tmp/emmby-sshagent/SSHAuthSock</string>
...
</dict>
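One way to write the script from the second option, as an added example that is not from the original post: it reuses an agent already listening on the known socket and starts one only when none answers. It assumes the same /tmp/<username>-sshagent/SSHAuthSock path as the plist above and, because /tmp is world-writable, refuses a socket directory that is a symlink or is not owned by you; the function names are illustrative.

```shell
# Added example for ~/.bashrc; not from the original post.
# Assumption: same /tmp/<username>-sshagent/SSHAuthSock layout as the plist.
AGENT_DIR="/tmp/$(id -un)-sshagent"
AGENT_SOCK="$AGENT_DIR/SSHAuthSock"

# /tmp is world-writable, so only accept a directory we own and lock it
# to mode 700. A symlink or someone else's directory is rejected.
prepare_agent_dir() {
    if [ -L "$1" ]; then
        echo "refusing $1: symlink" >&2
        return 1
    fi
    if [ -e "$1" ]; then
        if [ ! -d "$1" ] || [ ! -O "$1" ]; then
            echo "refusing $1: not a directory owned by you" >&2
            return 1
        fi
    else
        mkdir -m 700 "$1" || return 1
    fi
    chmod 700 "$1"
}

# ssh-add -l exits 0 (keys listed) or 1 (no keys) when an agent answers,
# and 2 when it cannot contact one.
agent_alive() {
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Reuse the agent on the known socket, or start one there.
ensure_agent() {
    prepare_agent_dir "$AGENT_DIR" || return 1
    if ! agent_alive "$AGENT_SOCK"; then
        rm -f "$AGENT_SOCK"   # stale socket left by a dead agent
        ssh-agent -a "$AGENT_SOCK" >/dev/null || return 1
    fi
    SSH_AUTH_SOCK=$AGENT_SOCK
    export SSH_AUTH_SOCK
}

# Only interactive shells start the agent.
case $- in *i*) ensure_agent ;; esac
```

Only SSH_AUTH_SOCK is exported here, which is all ssh and ssh-add need to find the agent.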
Finally, this tip using gentoo keychain seems to work quite well for me: http://www.macosxhints.com/article.php?story=20011128174701140

The keychain utility is available from darwin ports: just "port install keychain"

If you "man keychain" you'll get more information about how to use it. As per the manpage, I did the following in my .profile (adding the -q quiet option):
# Set up ssh-agent using keychain
host=$(uname -n)
keychain -q ~/.ssh/identity ~/.ssh/id_dsa
[ -f "$HOME/.keychain/${host}-sh" ] && . "$HOME/.keychain/${host}-sh"
Note that the advantage of using the "SSH Agent" cocoa-based app is that it will use your Mac Keychain to authenticate you, so you will never need to type your ssh passphrase. Another advantage is that if you have any non-Terminal applications that can benefit from ssh-agent authentication (I can't think of any right now), they will authenticate you seamlessly using "SSH Agent" but not using gentoo keychain.
