Difference between revisions of "Managing multiple SSH agents"
Revision as of 10:45, 10 August 2016
→‎Using multiple agents via systemd: Add instructions for IdentityAgent
=== Using multiple agents via systemd ===
This requires the use of a Linux distribution using systemd as the init system (all current releases do that, e.g. Debian jessie or Ubuntu 15.10 and later).
You can start multiple ssh-agents through systemd user units. The following unit would e.g. connect to labs; copy it to /usr/lib/systemd/user/ssh-labs.service and enable it:
 systemctl --user enable ssh-labs
This will create the agent socket ssh-labs.socket inside the $XDG_RUNTIME_DIR directory (which is automatically created and usually refers to /run/user/1000/, so the effective SSH agent socket would be /run/user/1000/ssh-labs.socket).
Start the agent as follows to check that the systemd user unit works properly. There is no need to do this afterwards; later on, the unit will be started during your first login.
 systemctl --user start ssh-labs.service
Finally, whenever you want to connect to either labs or production via SSH, you need to point your SSH client to the respective agent socket:
If you're using openssh 7.3 (available in Debian unstable since 7th August 2016), this is really simple: You can use the new ''IdentityAgent'' directive, so wherever you configure the IdentityFile, simply add the respective SSH agent socket created by the systemd user units above. Here's an example for configuring access for labs:
 Host *.wmflabs gerrit.wikimedia.org *.wmflabs.org
     User foo
     IdentityFile /home/foo/.ssh/id_labs
     IdentityAgent /run/user/1000/ssh-labs.socket
     IdentitiesOnly yes
     ForwardAgent no
If you don't have openssh 7.3 yet, you need to set the environment variable SSH_AUTH_SOCK to the respective socket before connecting, e.g.
 export SSH_AUTH_SOCK="/run/user/1000/ssh-labs.socket"
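The export above changes the agent for the whole shell session, so a later connection to the other realm would silently use the wrong agent. The following wrapper is an added example (not part of the original wiki page) that sets SSH_AUTH_SOCK for a single ssh invocation and refuses to connect when no agent is mapped to the host or the socket is not a user-owned UNIX socket. The production pattern <code>*.prod.example</code> and the socket name <code>ssh-prod.socket</code> are placeholders, as are the function names.

```shell
#!/bin/sh
# Added example: choose the agent socket by destination host (pre-7.3 OpenSSH).
# Assumption: ssh-prod.socket and *.prod.example are placeholder names.

RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"

# Print the agent socket path for a host. Unknown hosts return 1, so no
# agent (and therefore no key) is offered by default.
agent_socket_for_host() {
    case "$1" in
        *.wmflabs|*.wmflabs.org|gerrit.wikimedia.org)
            printf '%s\n' "$RUNTIME_DIR/ssh-labs.socket" ;;
        *.prod.example)   # placeholder pattern for production hosts
            printf '%s\n' "$RUNTIME_DIR/ssh-prod.socket" ;;
        *)
            return 1 ;;
    esac
}

# Succeed only if the path is a UNIX socket owned by the current user.
check_agent_socket() {
    [ -S "$1" ] && [ -O "$1" ]
}

# Usage: ssh_via_agent HOST [further ssh arguments...]
ssh_via_agent() {
    host="$1"
    sock="$(agent_socket_for_host "$host")" || {
        echo "no agent configured for $host" >&2; return 2; }
    check_agent_socket "$sock" || {
        echo "agent socket $sock is missing or not owned by you" >&2; return 3; }
    # The assignment applies to this one command only; the calling shell's
    # SSH_AUTH_SOCK is left untouched.
    SSH_AUTH_SOCK="$sock" ssh "$@"
}
```

Source the file from your shell profile and call <code>ssh_via_agent gerrit.wikimedia.org</code>; the IdentityFile and IdentitiesOnly settings still come from your ssh configuration.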
=== The simplest solution ===