Automate Backups on Linux

By Martyn Honeyford
2005-04-20


Automating Machine Access Using SSH-Agent

The ssh-agent program acts like a gatekeeper, securely providing access to security keys as needed. Once ssh-agent is started, it sits in the background and makes itself available to other OpenSSH applications such as ssh and scp programs. This allows the ssh program to request an already decrypted key, rather than asking you for the private key's secret passphrase each time it's required.

Let's take a closer look at ssh-agent. When ssh-agent runs it outputs shell commands:

Listing 7. ssh-agent in action

[offsite]$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-XX1O24LS/agent.14179; export SSH_AUTH_SOCK;
SSH_AGENT_PID=14180; export SSH_AGENT_PID;
echo Agent pid 14180;

We can instruct the shell to execute the commands that ssh-agent prints by using the shell's eval command:

[offsite]$ eval `ssh-agent`
Agent pid 14198

The eval command tells the shell to evaluate (execute) the commands generated by the ssh-agent program. Make sure that you specify the back-quote character (`) and not a single quote! Once executed, the eval `ssh-agent` statement prints the agent's process identifier. Behind the scenes, the SSH_AUTH_SOCK and SSH_AGENT_PID shell variables have been exported and are now available. You can view their values by echoing them in the shell:

[offsite]$ echo $SSH_AUTH_SOCK
/tmp/ssh-XX7bhIwq/agent.14197

The SSH_AUTH_SOCK variable (short for SSH Authentication Socket) holds the location of a local socket which applications can use to speak to ssh-agent. To ensure that the SSH_AUTH_SOCK and SSH_AGENT_PID variables are always set, enter the eval `ssh-agent` statement into your ~/.bash_profile.

ssh-agent has now become a background process which is visible using the top and ps commands.

Now we're ready to unlock our private key for ssh-agent. To do so, we use a program called ssh-add, which asks for our passphrase and adds the decrypted key to the running ssh-agent program.

Listing 8. ssh-add for hassle-free login

[offsite]$ ssh-add
Enter passphrase for /home/accountname/.ssh/id_dsa: (enter passphrase)
Identity added: /home/accountname/.ssh/id_dsa (/home/accountname/.ssh/id_dsa)

Now when we access server1, we're not prompted for a passphrase:

[offsite]$ ssh accountname@server1.com
[server1]$ exit

If you're not convinced, try killing (kill -9) the ssh-agent process and reconnecting to server1. This time, you'll be prompted for the passphrase for the private key stored in the id_dsa file in the .ssh directory:

[offsite]$ kill -9 $SSH_AGENT_PID
[offsite]$ ssh accountname@server1.com
Enter passphrase for key '/home/accountname/.ssh/id_dsa':
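
The eval `ssh-agent` line in ~/.bash_profile starts a fresh agent at every login, and killing an agent with kill -9 leaves SSH_AUTH_SOCK and SSH_AGENT_PID pointing at a dead agent. The following sketch is an added example, not part of the original tutorial: it reuses one agent per account and detects the stale case. The function names and the ~/.ssh/agent.env path are assumptions made for this example.

```sh
# Added example: reuse one ssh-agent per account (names and path are assumptions).
AGENT_ENV_FILE="${AGENT_ENV_FILE:-$HOME/.ssh/agent.env}"   # hypothetical location

# Print "none", "stale" or "live" for the agent named by the current environment.
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo none
        return 0
    fi
    # After kill -9 the socket file can remain, so test the process as well.
    # A forwarded agent sets no SSH_AGENT_PID; then only the socket is checked.
    if [ -n "${SSH_AGENT_PID:-}" ] && ! kill -0 "$SSH_AGENT_PID" 2>/dev/null; then
        echo stale
    elif [ -S "$SSH_AUTH_SOCK" ]; then
        echo live
    else
        echo stale
    fi
}

# Make sure this shell talks to a running agent, starting one only if needed.
ensure_agent() {
    if [ "$(agent_state)" = live ]; then
        return 0
    fi
    # Try the settings saved by an earlier login before spawning anything.
    if [ -r "$AGENT_ENV_FILE" ]; then
        . "$AGENT_ENV_FILE" >/dev/null
        if [ "$(agent_state)" = live ]; then
            return 0
        fi
    fi
    # umask 077 keeps the saved settings readable by this account only.
    (umask 077; ssh-agent -s > "$AGENT_ENV_FILE") || return 1
    . "$AGENT_ENV_FILE" >/dev/null
}
```

Call ensure_agent from ~/.bash_profile in place of the bare eval line, then run ssh-add once; ssh-add -l lists the keys the agent currently holds.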



First published by IBM DeveloperWorks

