[CentOS] ssh-agent

Gé Weijers ge at weijers.org
Tue Apr 6 19:14:53 UTC 2010


If you log in on CentOS (or Ubuntu or anything Linux and modern) using a 
graphical console >>DO NOT START ssh-agent<<. The standard startup scripts 
run one for you, and when you log out it dies. I assume that's what you 
want.

The 'daemon' version is designed to run the following way in a 
.profile/.bash_profile:

eval `ssh-agent`

The output of ssh-agent is evaluated by the shell, which adds the right 
environment variables so ssh and ssh-add can find it. To kill it run 
"ssh-agent -k", which uses the environment variables to find the daemon 
and kill it.

Now if you just run 'ssh-agent' that does not happen, so that particular 
instance does not get used. Assuming you did the following:

1) just run plain "ssh-agent" (no eval)
2) run "ssh-add"

the agent that actually held your keys was started by some system script, 
and was terminated when you logged out, so there was no security issue. 
You just were creating unused agents to float around 'til reboot time.

I hope this cuts down some of the confusion.

Gé
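
Added example, not part of the original post: a sketch of why a plain "ssh-agent" run leaves the shell unaware of the new agent while the eval form does not, and how to spot the unused agents left behind. The agent output, process listing, PIDs and socket path are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of what ssh-agent prints on stdout (socket path and PIDs are made up).
sample_agent_output() {
cat <<'EOF'
SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
echo Agent pid 4243;
EOF
}

# Constructed "ps -o pid= -o comm=" listing: 2101 is the agent the login
# scripts started, 4243 and 4377 came from running plain "ssh-agent".
sample_ps() {
cat <<'EOF'
 2101 ssh-agent
 4243 ssh-agent
 4310 bash
 4377 ssh-agent
EOF
}

# Pull the agent PID out of ssh-agent's stdout (read on stdin).
agent_pid_from_output() {
    sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p'
}

# Show what the shell knows after a "plain" run versus an "eval" run.
# Runs in a subshell so the caller's environment is untouched.
env_after() (
    unset SSH_AGENT_PID SSH_AUTH_SOCK
    if [ "$1" = eval ]; then
        eval "$(sample_agent_output)" >/dev/null
    else
        sample_agent_output >/dev/null   # output printed, never evaluated
    fi
    echo "${SSH_AGENT_PID:-unset}"
)

# Read a ps listing on stdin; print PIDs of ssh-agent processes other than
# the one the environment points at ($1).
stray_agents() {
    awk -v keep="$1" '$2 == "ssh-agent" && $1 != keep { print $1 }'
}

echo "plain run: SSH_AGENT_PID=$(env_after plain)"
echo "eval run:  SSH_AGENT_PID=$(env_after eval)"
echo "unused agents: $(sample_ps | stray_agents 2101 | tr '\n' ' ')"
```

On a live system the same filter can be fed with `ps -u "$(id -u)" -o pid= -o comm=` and "$SSH_AGENT_PID" in place of the sample data.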

