ssh-agent-filter on Linux Mint 20.3 «Una»
Please follow the steps below to install ssh-agent-filter package:
2. Uninstall / Remove ssh-agent-filter package
This guide covers the steps necessary to uninstall ssh-agent-filter package:
3. Details of ssh-agent-filter package
Package: ssh-agent-filter
Architecture: amd64
Version: 0.5.2-1build2
Multi-Arch: foreign
Priority: extra
Section: universe/net
Origin: Ubuntu
Maintainer: Ubuntu Developers
Original-Maintainer: Timo Weingärtner
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 237
Depends: openssh-client, libboost-filesystem1.71.0, libboost-iostreams1.71.0, libboost-program-options1.71.0, libc6 (>= 2.28), libgcc-s1 (>= 3.0), libnettle7, libstdc++6 (>= 9)
Recommends: ssh-askpass, whiptail | dialog, zenity
Filename: pool/universe/s/ssh-agent-filter/ssh-agent-filter_0.5.2-1build2_amd64.deb
Size: 65416
MD5sum: 596c9092c0ee63ba8693e0b88a44e324
SHA1: ff0e8b4ae4beaf5bf1a705bdb2ada23fe72dbf86
SHA256: f461e08f5ea489990a4367b8bd7ae353249601fb60af9e7e9e8e9c6b12f30c93
Homepage: https://git.tiwe.de/ssh-agent-filter.git
Description: filtering proxy for ssh-agent
Description-md5: b7368babd76b3e8e6a52a18038158f70
4. References on Linux Mint 20.3 «Una»
5. The same packages on other Linux Distributions
ssh-agent-filter (0.4.2-1build1) Ubuntu 18.04 LTS (Bionic Beaver)
ssh-agent-filter (0.4.1-1) Ubuntu 16.04 LTS (Xenial Xerus)
ssh-agent-filter (0.5.2-1build3) Ubuntu 20.10 (Groovy Gorilla)
ssh-agent-filter (0.5.2-1build4) Ubuntu 21.10 (Impish Indri)
ssh-agent-filter (0.5.2-1build4) Ubuntu 22.04 LTS (Jammy Jellyfish)
ssh-agent-filter (0.5.2-1) Debian 10 (Buster)
How to configure ssh-agent
There are many ways to configure ssh-agent on Linux. Here is the one I find most convenient, which I discovered fairly recently.
First, a word on why ssh-agent is needed. Suppose you have several SSH keys, each protected with a password (yes, it is better to password-protect your keys). You decide to connect to some server, and on every connection the ssh client asks you to enter the password. Inconvenient, isn't it?
And what if you want to connect to several servers in a chain, or fetch a private git repository on a remote server? You would have to upload your private SSH key there. Inconvenient again.
This is where ssh-agent, the SSH agent, comes to the rescue. It securely keeps all your keys in memory, does not keep asking for the password, and can be forwarded to remote servers without much effort (ssh -A).
So how do you enable and configure it?
First make sure it is installed on the system (using Debian-based systems as the example); most likely it already is:
sudo apt-get update
sudo apt-get -y install openssh-client
ssh-agent ships with the ssh client, which is convenient.
Next, add the following line to ~/.profile:
Why ~/.profile? Because it is enough to start the agent just once per session. You could of course start one for every bash process and so on, but that is unnecessary.
What does this command do? It starts ssh-agent, which emits the environment variables the shell needs, and these are exported to all of the user's shell processes.
You can check these variables like this:
└─$ env | grep SSH_
SSH_AUTH_SOCK=/tmp/ssh-Hg0DgkE9cvLu/agent.2346
SSH_AGENT_PID=2347
We have started ssh-agent, but that is not enough yet: it knows nothing about our SSH keys. Let's add them. To do that, edit ~/.ssh/config, creating it if you do not have one. Here is an abridged example of my config:
Host *
    ForwardAgent yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_ecdsa
    IdentityFile ~/.ssh/id_rsa
The first line specifies which hosts this configuration applies to; as you can see, all of them.
Next we allow the agent to be forwarded to remote servers. This is not always safe, so you may want to disable this option.
AddKeysToAgent yes is the most important line: it adds keys to the agent. If a key is password-protected, you will be asked for the password on the first connection, and it is then kept for the whole session.
The IdentityFile lines specify the keys I want the ssh client to use.
That's all. For the changes to take effect, just run . ~/.profile in a terminal and try connecting to any server over ssh, for example:
To check which keys have been added to the agent, run
└─$ ssh-add -l
256 SHA256:EdQaJRIu22tco6giujxrZhsVH44Io+8gkhfUjfj3lNI insider@localhost (ECDSA)
2048 SHA256:9wUbS3ZM8dHsmcRWc3ZBAeQqzN8kw+78grWFSEyL9To (RSA)
256 SHA256:Upg/EVhSYoErKdFBVvhKt50dxLJeZtUewn6bpGfQnnE insider@xps13 (ED25519)
ssh-agent: How to configure ssh-agent, agent forwarding, & agent protocol
The ssh-agent is a helper program that keeps track of users’ identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO).
The SSH agent is used for SSH public key authentication. It uses SSH keys for authentication. Users can create SSH keys using the ssh-keygen command and install them on servers using the ssh-copy-id command.
Contents
Starting ssh-agent
On most Linux systems, ssh-agent is automatically configured and run at login, and no additional actions are required to use it. However, an SSH key must still be created for the user.
If ssh-agent is not automatically started at login, it can be started manually with the command
The ssh-agent command outputs commands to set certain environment variables in the shell. The commands output by default are compatible with /bin/sh and /bin/bash. To output commands for the C-shell (/bin/csh or /bin/tcsh), add -c.
The easiest way to check whether the agent is running is to look at the value of the SSH_AUTH_SOCK environment variable. If it is set, then the agent is presumably running. It can be checked by
Also, to allow key-based logins to servers, public key authentication must be enabled on the server. In OpenSSH it is enabled by default. It is controlled by the PubkeyAuthentication option in sshd_config.
Adding SSH keys to the Agent
By default, the agent uses SSH keys stored in the .ssh directory under the user’s home directory. The ssh-add command is used for adding identities to the agent. In the simplest form, just run it without arguments to add the default files ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, and ~/.ssh/identity. Otherwise, give it the name of the private key file to add as an argument.
The following command will list private keys currently accessible to the agent:
SSH Agent Forwarding
Furthermore, the SSH protocol implements agent forwarding, a mechanism whereby an SSH client allows an SSH server to use the local ssh-agent on the server the user logs into, as if it was local there. When the user uses an SSH client on the server, the client will try to contact the agent implemented by the server, and the server then forwards the request to the client that originally contacted the server, which further forwards it to the local agent. This way, ssh-agent and agent forwarding implement single sign-on that can progress transitively.
A wonderful feature of the single sign-on provided by SSH is that it works independent of organizational boundaries and geography. You can easily implement single sign-on to servers on the other side of the world, in cloud services, or at customer premises. No central coordination is needed.
To use agent forwarding, the ForwardAgent option must be set to yes on the client (see ssh_config) and the AllowAgentForwarding option must be set to yes on the server (see sshd_config).
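As an added example (not code from the original page or from OpenSSH), the shell function below scans an ssh_config-style file for ForwardAgent enabled in a scope broader than a single named host, which is what the Host * block shown earlier on this page does. The helper names audit_forward_agent and sample_config and the sample host names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; audit_forward_agent and sample_config are hypothetical helpers.

# Print every ForwardAgent setting other than "no" that sits in a wide scope:
# before any Host line, under a Host pattern with * or ?, or in a Match block
# (Match criteria are not evaluated here, so they are always reported).
audit_forward_agent() {
    awk '
        BEGIN { scope = "(before any Host)"; wide = 1 }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            if (!match(line, /^[A-Za-z]+/)) next
            key = tolower(substr(line, 1, RLENGTH))   # keywords are case-insensitive
            args = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", args)          # "Key value" or "Key=value"
            gsub(/"/, "", args)
            n = split(args, a, /[ \t]+/)
            if (key == "host" || key == "match") {
                scope = line
                wide = (key == "match")
                for (i = 1; i <= n; i++)
                    if (a[i] !~ /^!/ && a[i] ~ /[*?]/) wide = 1
                next
            }
            # yes, a socket path or a $VARIABLE all enable forwarding
            if (key == "forwardagent" && wide && tolower(a[1]) != "no")
                printf "%d: ForwardAgent %s under \"%s\"\n", NR, a[1], scope
        }
    ' "${1:--}"
}

# Constructed sample config, modelled on the Host * block shown earlier.
sample_config() {
    cat <<'EOF'
Host bastion.example.org
    ForwardAgent yes
Host *.internal.example.org
    ForwardAgent=yes
Host *
    ForwardAgent yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_ecdsa
EOF
}

sample_config | audit_forward_agent -
```

To audit a real configuration, pass its path as the first argument, for example audit_forward_agent ~/.ssh/config; forwarding scoped to one named host is deliberately not reported.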
Running ssh-agent
The ssh-agent command is usually run from initialization scripts at login, such as from /etc/X11/Xsession.d/90x11-common_ssh-agent on Linux Mint LMDE. Alternatively, any user can configure it to be run from, e.g., the user’s ~/.xsession file or ~/.profile.
The agent outputs the environment variable settings that need to be put in place. The SSH_AUTH_SOCK environment variable is set to point to a unix-domain socket used for communicating with the agent, and the SSH_AGENT_PID environment variable is set to the process ID of the agent. To get the environment variables set in the user’s shell environment, the agent is usually run with something like the following:
The ssh-agent command accepts the following options:
-a bind_address
Forces the agent to bind the Unix domain socket to the given file path, instead of the default socket.
-c
Forces generation of C-shell commands on stdout. By default the shell is automatically detected.
-E fingerprint_hash
Specifies which algorithm to use for generating SSH key fingerprints. Valid values include md5 and sha256.
-k
Kills the currently running agent.
-s
Forces generation of Bourne shell (/bin/sh) commands on stdout. By default the shell is automatically detected.
-t life
Specifies a maximum number of seconds that identities are kept in the agent. The value is in seconds, but can be suffixed by m for minutes, h for hours, d for days, and w for weeks. Without this option, the agent keeps the keys in its memory as long as it runs. This can be overridden when running the ssh-add command.
Further Reading
Suggestions for SSH Client in Linux Mint
It is considered bad practice to use passwords for SSH. Instead you create a public/private key pair for your client and register the public key on the server. You can use an SSH agent (available on linux mint, and MobaX) to load your private key ready for use.
The short version is that you create your private key:
Keep the default location. This will create your private key id_rsa and public key id_rsa.pub.
Then you copy the contents of your newly created id_rsa.pub onto your server. Add it to the file ~/.ssh/authorized_keys, creating a new authorized_keys file if one doesn’t already exist.
You really don’t need an alternative to MobaX for linux mint. MobaX is there to mimic what you already have under most linux distributions. Just open a terminal (command line) and type:
By default, MobaX wants to use a key agent and forward the X server to allow you to open windows:
# do this once to start the agent and add your private key from ~/.ssh/id_rsa
ssh-add
# Then to connect to your server
ssh -AX user@remotehost
Remember to replace user and remotehost with your actual details.
Based on your comment there are a couple of other tools to look into:
- Mint should have an equivalent to windows shortcuts (most likely named «launchers», though I’m not a mint user). You should be able to create one which automatically opens a terminal running ssh to your favourite host.
- Filezilla — This will let you work with SCP and drag and drop files to / from your server
- SSHFS — This will go further and let you mount SCP letting you edit files on your server in your favourite editor
Thanks for the answer. But, quoting from your answer ‘Just open a terminal (command line) and type’, is the stage I was hoping to automate with a single click. Another functionality of MobaX is I can just open a code file from the file-browser window with local editor such as VS Code, edit and save. It will be instantaneously updated on the remote. I know, a shell ninja can probably be more productive doing this with Vim, but I like the ease of Mobax and wish I could do it on a Mint or Ubuntu desktop.
Okay I’ve edited, I think you’ll find using a terminal more intuitive than you believe for basic SSH access. Definitely checkout SSHFS as this will let you use VS Code directly with files on a remote file system over SSH.
You can also use the remote development plugin for VS Code, just to offer yet another alternative solution: code.visualstudio.com/docs/remote/ssh.
You can create a desktop shortcut that opens an SSH session in a terminal emulator for you. No need for another SSH client.
First off, you’ll still want to create an SSH keypair, like @Philip Couling suggests. It’s more secure than a password, and you won’t have to type it in every time you connect (one of the few cases where the convenient solution is also more secure).
Create a new file on your desktop with a file name ending in .desktop.
[Desktop Entry]
Type=Application
Name=SSH
Exec=gnome-terminal -e "/usr/bin/ssh username@remotehost"
Terminal=false
Categories=Network
Make sure to change username@remotehost to the actual details. Feel free to change the Name and Categories fields to suit your needs. You can see the list of available categories here, and a list of the other options available here.
If you want it to show up in your applications menu, you can install the shortcut using sudo desktop-file-install myserver.desktop (Changing myserver.desktop to the name of the file you created).
You can probably make this file in a more clever way, but I don’t use Mint or GNOME, so I wouldn’t be able to test it. If someone can make it better, feel free to edit in your improvements.