Saturday, June 16, 2012

Using Keychain with SSH agent forwarding

If you use Keychain, you may notice that, by default, it starts ssh-agent on every new machine you log into. If you use SSH agent forwarding, there is no need to start ssh-agent on the remote host. To test whether your SSH agent has been forwarded, examine the SSH_AUTH_SOCK variable upon login: if it is set, your SSH agent has been forwarded. Tying this together with Keychain, you can invoke Keychain only when the SSH agent has not been forwarded. Add the following code to your .bash_profile:

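# Start Keychain only when no agent socket was handed to this login.
if [ -z "$SSH_AUTH_SOCK" ]; then
    # Only bother if the private key actually exists on this host.
    if [ -e "$HOME/.ssh/id_rsa" ]; then
        # --eval makes keychain print the agent's environment settings on
        # stdout so that eval can load them into this shell.
        eval "$(keychain --eval --quick --agents ssh id_rsa)"
    fi
fi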
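A stricter variant of the check above, added here as an example and not part of the original post: instead of trusting that SSH_AUTH_SOCK is set, it asks the agent behind the socket to answer, using the documented exit status of `ssh-add -l` (0 = identities listed, 1 = agent has none, 2 = agent unreachable). The names `SSH_ADD`, `KEYFILE`, `agent_state` and `need_keychain` are assumptions of this example.

```bash
# Added example (not from the original post). SSH_ADD and KEYFILE are
# assumptions of this sketch so the probe and key path can be overridden.
SSH_ADD=${SSH_ADD:-ssh-add}
KEYFILE=${KEYFILE:-$HOME/.ssh/id_rsa}

# Print the state of the agent behind SSH_AUTH_SOCK:
#   unset  - no socket variable, so nothing was forwarded
#   usable - agent answers and holds at least one identity (exit 0)
#   empty  - agent answers but holds no identities (exit 1)
#   dead   - variable is set but no agent answers (exit 2, or probe missing)
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
        return 0
    fi
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo usable ;;
        1) echo empty ;;
        *) echo dead ;;
    esac
}

# Succeed only when Keychain should be started on this host:
# no agent answers and the private key exists locally.
need_keychain() {
    case $(agent_state) in
        usable|empty) return 1 ;;
    esac
    [ -e "$KEYFILE" ]
}

# Same action as the snippet above, gated on the stricter check.
if need_keychain && command -v keychain >/dev/null 2>&1; then
    eval "$(keychain --eval --quick --agents ssh id_rsa)"
fi
```

The `dead` state covers a stale socket path, for example one inherited by a long-running screen or tmux session after the original SSH connection has closed.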

Keychain (webpage)
