Using ssh-agent: collected notes

The following is a brief summary of some information about ssh-agent; there are many related articles on the Internet.

The recommended way to log in over ssh is with a private key. But if a password (passphrase) was set when the private key was generated, you have to enter it every time you log in, which is a lot of trouble. ssh-agent can manage the private key instead: the private key is loaded into memory, and after that you no longer need to enter its passphrase.

ssh-agent agent forwarding:

Requirements: ssh-agent runs on machine X and manages the private keys; you log in from machine X to machine Y over ssh; the ssh client on machine Y should then also be able to use all the private keys managed by the ssh-agent on machine X.

Principle: the ssh client on machine Y sends its private-key request to the sshd server on machine Y. Because you have already logged in from X to Y, the ssh client on X and the sshd server on Y already share a connection. The request is forwarded over this connection to the ssh client on X, which finally passes it on to the ssh-agent on X. The result travels back along the same path in reverse.

Not having to enter a password is one benefit of ssh-agent. In addition:

1. In the topology above, you can use the scp command directly to copy a file from 1.237 to 1.15 by running the following on the local machine: scp [email protected]:/root/test.txt [email protected]:/root

2. If 1.237 is behind a firewall and can be reached only from 1.15, but for security reasons the keys must not be stored on 1.15, you can use this approach. In the topology above, only the local machine needs to hold the private keys for the other machines; the private keys never have to be placed on any other node. In this way, that machine can be used as a fortress machine (bastion) to manage all the private keys safely.

3. ssh-add has other options as well: -d deletes a private key that has been added, -x locks the agent, and so on.
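
An added example, not part of the original post: in the OpenSSH client the forwarding described above is switched on with the ForwardAgent option, and while a forwarded session is open, anyone on machine Y who can reach the forwarded agent socket can have the agent on X use its keys, so it is worth checking that forwarding is enabled only for the hosts that need it. The function name, host names and address below are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the Host blocks of an OpenSSH client config that
# enable agent forwarding. WIDE = block pattern has a wildcard (or is the
# global section / a Match block); SCOPED = explicit host names only.
audit_forward_agent() {
    awk '
    function report() {
        if (!fwd) return
        tag = wide ? "WIDE" : "SCOPED"
        print tag, hosts
    }
    BEGIN { hosts = "(global)"; wide = 1; fwd = 0; seen = 0 }
    {   # strip indentation; accept "Key=Value" as well as "Key Value"
        sub(/^[ \t]+/, "")
        if (match($0, /^[A-Za-z]+[ \t]*=/)) sub(/[ \t]*=[ \t]*/, " ")
    }
    /^#/ || NF == 0 { next }
    { key = tolower($1) }
    key == "host" || key == "match" {
        report()
        hosts = $0; sub(/^[^ \t]+[ \t]+/, "", hosts)
        wide = (key == "match" || hosts ~ /[*?]/); fwd = 0; seen = 0
        next
    }
    # First value in a block wins. "no" is the default; yes, a socket
    # path or $VAR all enable forwarding.
    key == "forwardagent" && !seen { seen = 1; fwd = (tolower($2) != "no") }
    END { report() }
    ' "$1"
}

# Constructed sample config (host names and address are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host *
    ForwardAgent yes
Host bastion-y
    HostName 192.0.2.15
    ForwardAgent=yes
Host internal
    ForwardAgent no
EOF
audit_forward_agent "$sample"
```

The audit reports each block on its own and does not compute the effective value ssh would use for a given host after merging blocks.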

Origin www.cnblogs.com/xuyaowen/p/ssh-agent.html