Using SSH Agent

 


On Linux/Unix system an ssh-agent process can be run that will supply SVN with your authorization key when the key is demanded by SVN to carry out an operation on the remote repository. If the key has an associated pass phrase associated with it, then ssh-agent only requires you to supply this pass phrase once --- when you execute the command ssh-add to add a key that ssh-agent will manage.

The commands listed below allow one to use ssh-agent in the simplest manner. There are more advanced usages, in particular, one can use keychain scripts to facilitate the usage of ssh-agent over a network.

For those using a Windows operating system, ssh-agent is analogous to the pageant program associated with the putty ssh program.

Note: If one uses a key with a key-agent to access a Subversion repository associated with a host account on a host machine, then it seems that one can't create a plain ssh connection to that account on the host machine. The problem stems from the fact that the key used for the repository gets used automatically for any ssh connection to the machine, and cannot be overridden by specifying a different identity using the "-i" option. To get around this problem, one has to remove the key for the repository from the key-agent (use the ssh-add -d keyname command) before invoking the ssh. This issue will only effect repository administrators, as they are the only ones who should be using plain ssh connections to the host account on the host machine.

For csh (or tcsh) shells

If one is using csh, then start up the agent using the command

eval `ssh-agent -c`

and add keys using the command

ssh-add pathToKey/Key

Once the ssh-agent gets started, it won't stop, even after logging out, unless you explicitly kill the agent using the command ssh-agent -k.

To enforce the killing of the ssh-agent automatically when you logout, add the line

ssh-agent -k >& /dev/null

to ones .logout file.

Sometimes ssh-agent processes will be To check to see if you have zombie ssh-agent processes, use

ps -u your_login_name

to identify the processes associated with your login. If there are zombie ssh-agent processes, note the PID's and then execute a kill command

kill -TERM PID

For bash shells

For bash shell users start up the agent using the command

eval `ssh-agent -s`

and add keys using the command

ssh-add pathToKey/Key

Once the ssh-agent gets started, it won't stop, even after logging out, unless you explicitly kill the agent using the command ssh-agent -k.

To enforce the killing of the ssh-agent automatically when you logout, add the line

ssh-agent -k >& /dev/null

to ones .bash_logout file. You may need to create this file if it doesn't exist.

Sometimes ssh-agent processes will be To check to see if you have zombie ssh-agent processes, use

ps -u your_login_name

to identify the processes associated with your login. If there are zombie ssh-agent processes, note the PID's and then execute a kill command

kill -TERM PID

For users of the bash shell, create a .bash_logout file (if one doesn't exist) and add the line

 

Chris Anderson May 29, 2007