14

I'm considering using a tool to set up my ssh-agent environment so I only need to enter my ssh key once.

What is the difference between ssh-ident and keychain? Does one have advantages over the other?

cocomac
Tom Hale
  • I have never heard of your `keychain` or `ssh-ident`. Why not use the standard `gnome-keyring` (preinstalled and configured in Ubuntu) or `ssh-agent` directly? They do everything you require from them (*"I only need to enter my ssh key once."*). – Jakuje Dec 07 '16 at 20:09
  • 2
    `ssh-agent` only applies to sub-processes. The two mentioned programs `allow you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session.` (From [here](https://github.com/funtoo/keychain)). Would `gnome-keyring` solve this issue? – Tom Hale Dec 07 '16 at 22:42
  • If you run it outside of your session, it will work the same way, as long as you retain the connection to this agent (env. variable SSH_AUTH_SOCK). – Jakuje Dec 08 '16 at 07:32
  • 1
    The management (e.g. securely setting) of `SSH_AUTH_SOCK` is the raison d'être of the two tools I mention. – Tom Hale Dec 09 '16 at 02:41
  • 1
    I would be very interested how you do security and management of environment variable. – Jakuje Dec 09 '16 at 06:40
  • [This](http://rabexc.org/posts/pitfalls-of-ssh-agents) explains why it's not as simple as ``[ -z "$SSH_AUTH_SOCK" ] && eval `ssh-agent -s` && ssh-add``. The two listed tools address these issues. – Tom Hale Dec 10 '16 at 03:52
  • 1
    It is not particularly true. The first bash you start is the one where you start your X session, and the environment variables are inherited by all the others. – Jakuje Dec 10 '16 at 16:01
  • What you say doesn't hold if you are not using `X`, but it is generally true for most users. – Tom Hale Dec 12 '16 at 00:39

1 Answer

6

Please look at this answer over on the Unix Stack Exchange site: https://unix.stackexchange.com/a/90869


ssh-key with passphrase, with ssh-ident

ssh-ident is a utility that can manage ssh-agent on your behalf and load identities as necessary. It adds keys only once as they are needed, regardless of how many terminals, SSH or login sessions require access to an SSH agent.

ssh-key with passphrase, with keychain

keychain is a small utility which manages ssh-agent on your behalf and allows the SSH agent to remain running when the login session ends. On subsequent logins, keychain will connect to the existing SSH agent instance.

David Foerster
CenterOrbit
  • I figured since I'm posting a link to another StackExchange site that the linked page rule wouldn't apply... apparently each sub-site has their own interpretation of this policy. – CenterOrbit Apr 20 '17 at 02:51
  • Thanks for the edit. And no, this isn't a site-dependent thing. No site on the SE network accepts a link as an answer, not even a link to another SE site. – terdon Apr 20 '17 at 08:08
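
The thread above turns on how `SSH_AUTH_SOCK` gets set safely when one agent outlives a login session. The following sketch of that reuse logic is an added example, not code from keychain or ssh-ident; the `AGENT_ENV` path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not keychain's or ssh-ident's code.
# AGENT_ENV is an assumed path for the saved "ssh-agent -s" output.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Print "SOCKET PID" from a saved env file, but only if the file is a regular
# file (not a symlink), owned by us, with no group/other permission bits.
# Values are extracted with sed; the file is never sourced or eval'ed.
read_agent_env() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -rw-------*|-r--------*) ;;
        *) return 1 ;;
    esac
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1")
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$1")
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    printf '%s %s\n' "$sock" "$pid"
}

# True if SOCKET is a socket we own and PID is a live process we may signal.
agent_alive() {
    [ -S "$1" ] && [ -O "$1" ] && kill -0 "$2" 2>/dev/null
}

# Reuse the saved agent when it checks out, otherwise start one and save it.
use_agent() {
    if ! { saved=$(read_agent_env "$AGENT_ENV") &&
           agent_alive "${saved% *}" "${saved##* }"; }; then
        rm -f "$AGENT_ENV"
        # umask 077 so the env file is created private; drop the "echo" line.
        ( umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" )
        saved=$(read_agent_env "$AGENT_ENV") || return 1
    fi
    SSH_AUTH_SOCK=${saved% *}
    SSH_AGENT_PID=${saved##* }
    export SSH_AUTH_SOCK SSH_AGENT_PID
    # ssh-add -l exits non-zero when the agent holds no keys: prompt once.
    ssh-add -l >/dev/null 2>&1 || ssh-add
}
# Usage (e.g. from ~/.profile after sourcing this file): use_agent
```

A stale or tampered env file (wrong owner, loose mode, symlink, dead PID, missing socket) is discarded and a fresh agent is started rather than trusted.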