For the moment it's satisfying enough even if I have to manually enter my keys in the agent every two minutes if I want to use them on a remote server allowing agent forwarding. Also, setting the right keys in the ssh options of capistrano is a big help for selecting which keys to use when deploying.
February 25, Last Updated: February 25, Toying with the OS X ssh-agent security ssh os x capistrano.

Just didn't like the idea of open access to the root of our server without any kind of password. But I see now that it asks for the ssh key passphrase after logout or restart. I suppose so.
But it would be better to deny any login as root except from the physical console. Require authorized users to sudo for root access like on OS X. Then you can go back to using ssh-agent as a convenience.

Oct 6, PM in response to etresoft

I initially misunderstood the process and thought that after entering the passphrase once, OSX would never ask for it again.
But whenever I try to unload the plist as root or as a user I see: "launchctl: Error unloading: org. Will keep investigating but I'm pretty inexperienced with SSH so am not sure how it's all supposed to work - setting a timeout seems like a basic idea to me but there's very little info on it unless I'm using the wrong search terms. Have had to turn this off because it seems to break something with the keychain which stops third-party apps like the Querious MySQL app from authenticating via the key.
It just seems weird that if you don't tick to save the passphrase into your keychain, OSX saves and enters the passphrase automatically anyway?

Oct 13, PM.

Oct 13, PM in response to cmscss

That's just the way ssh-agent works. Perhaps if you could elaborate more on what you are trying to accomplish at a high level, we could provide better assistance.
Oct 13, PM in response to etresoft

OK, I didn't realise this - everything we'd read even on Linux indicated that if you didn't want to be asked for a passphrase each time, don't enter a passphrase.
So I guess we assumed that if we entered a passphrase, we'd be asked for it? From a high level, we'd just like OSX to ask for the passphrase each time it connects using the key. We were able to achieve this for Terminal with the time out strings but it doesn't seem like other apps use or understand the plist because it only works in Terminal. That advice from the Linux world concerns adding a passphrase to your private ssh key. That isn't normally done on Linux and the standard advice is to not include a passphrase because it is such a hassle to use ssh-agent.
The OS X keychain is essentially an easy-to-use ssh agent.
You can do the same thing on Linux, but you would have to enter your passphrase each time you started ssh-agent. The OS X keychain stores your passphrase so you only have to enter it once. The only way to have what you describe would be to disable ssh-agent.
You can do that but that gets us right back to where we started with your concern about "open access to the root of our server without any kind of password". That is a server problem, not an OS X problem. How does one get to the root of your server? Only standard users should have access to your server. Those standard users may be able to su into a sudoer, if they know the password for said sudoer user.
Only then can they act as root with the root password or an appropriately configured sudo. I do have to agree with etresoft, it does feel like you are chasing solutions to a problem created by the issue of having root access open to ssh.
User: cmscss

Hi There, Title says it all really - is there a way to force OSX to ask for a ssh passphrase each time it's accessed?
Cheers
Ben

Question marked as Solved. User: cmscss

For anyone wondering, these are the steps that worked for me:
- Open Terminal
- Unload the ssh-agent.