on Thu, Nov 07, 2002 at 03:43 PM -0800, Mike Egglestone 
([EMAIL PROTECTED]) wrote:
> Quoting nate <[EMAIL PROTECTED]>:
> 
> > Osamu Aoki said:
> > 
> > > man ssh
> > > man ssh-agent
> > >
> > > I never used it, but Debian web server mirrors use this to push content.
> > 
> > 
> Hi,
> I looked at the man page for ssh-agent but I'm not sure how to use
> it to restart a squid daemon. 
> Any quick examples?

Digest version:

  - ssh-agent creates a socket which handles ssh requests.

  - ssh-agent creates two environment variables, SSH_AUTH_SOCK (which
    tells you where your socket is) and SSH_AGENT_PID (the process ID of
    the ssh-agent process, mostly so you can hunt it down and kill it if
    needs be).

  - ssh-add is used to store key(s) in the ssh-agent process.

  - An ssh command checks to see if SSH_AUTH_SOCK is set, and if keys
    are available.  If so, it attempts to authenticate via ssh-agent.
    Effectively, you'll type 'ssh remotehost' and get a shell on the
    remote host without being prompted for a password, or 'ssh
    remotehost command', and you'll execute 'command' on the remote host
    without being prompted for authentication.  Sort of like the bad old
    days of rsh, except that your session is encrypted, authenticated,
    and secured via ssh-agent/ssh.


There's a slight misconception running around that ssh-agent can only be
used by child processes of the initial ssh-agent spawning process.  This
isn't true, though because of environment inheritance, it's rather more
_convenient_ to do this.  Otherwise, you have to hunt for the
appropriate socket and supply its value to your local environment by
other means.


If you're running X11 from a display manager ([gkwx]dm), you're likely
already running ssh-agent, and can activate it by running 'ssh-add' and
supplying an appropriate passphrase.   I'd gotten hung up on this for
ages, thinking that ssh-agent was somehow securing my X11 process.  It's
not.  It's just that running 'ssh-agent windowmanager' is a convenient
way to ensure that all child processes of your window manager can access
the ssh-agent.

For more on this, see:

   http://twiki.iwethey.org/twiki/bin/view/Main/SshAgent

Peace.


-- 
Karsten M. Self                                          [EMAIL PROTECTED]
FreeRun Technologies                               Sr. Systems Administrator
vox 707.265.1836 x121
http://www.freeruntech.com

  There are two times when a man doesn't understand a woman -- before
  marriage and after marriage.
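
The socket hunt described in the message above (pointing a shell that is not a child of ssh-agent at an agent that is already running), as an added example that is not part of the original post. The function names, the `agent.*` socket naming and the default search directory are assumptions based on traditional OpenSSH behaviour.

```shell
#!/bin/sh
# Added example: point the current shell at an ssh-agent that is already
# running, even though this shell is not a child of that agent.

# agent_alive SOCK: succeed if an agent answers on SOCK.
# ssh-add -l exits 0 (keys listed) or 1 (agent has no keys); 2 = no agent.
agent_alive() {
    rc=0
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -le 1 ]
}

# find_agent_sock [DIR]: print the first live agent socket under DIR that is
# owned by the current user. Assumption: sockets are named agent.* at most
# two levels below DIR (e.g. /tmp/ssh-XXXXXX/agent.PID); pass DIR if your
# OpenSSH version puts them elsewhere.
find_agent_sock() {
    base="${1:-${TMPDIR:-/tmp}}"
    found=$(find "$base" -maxdepth 2 -type s -user "$(id -u)" \
                 -name 'agent.*' 2>/dev/null |
        while IFS= read -r sock; do
            if agent_alive "$sock"; then
                printf '%s\n' "$sock"
                break
            fi
        done)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# attach_agent [DIR]: export SSH_AUTH_SOCK for this shell, or return 1 and
# leave the environment untouched when no usable agent is found.
attach_agent() {
    sock=$(find_agent_sock "$1") || return 1
    SSH_AUTH_SOCK="$sock"
    export SSH_AUTH_SOCK
}

# Usage from a cron job or a second login (key already loaded via ssh-add):
#   attach_agent && ssh remotehost command
```

Only sockets owned by the invoking user are considered, and stale sockets left behind by dead agents are skipped because nothing answers on them.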
