I have always wondered why such a basic feature (loading ssh keys for persistent usage) requires a clunky command to execute in the background of a cmdline. Why isn't ssh-agent a service (for example) by default? I assume there might be a security reason, but I'm curious to get other thoughts.
2 Answers
0
If you use ssh-agent, an attacker can get the unencrypted key from memory. See https://www.netspi.com/blog/technical/network-penetration-testing/stealing-unencrypted-ssh-agent-keys-from-memory/

Mark Wagner
0
If ssh-agent is not running by default, the packager and system administrator have not set it up for you. As this is a matter of personal preference and important to security, not being enabled by default makes sense to me. How-tos exist on how to set it up in many environments.
ssh-agent's usage of printing out shell variables to evaluate is not typical of most programs.
Other ssh agents may have a friendlier experience. For example, on the desktop there exists Gnome Keyring SSH Agent.

John Mahowald
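A login-shell helper built around the printed-variables interface and the in-memory key exposure raised in the two answers, as an added example that is not part of either answer: it reuses one agent per user instead of starting one per shell, and caps how long a loaded key stays in the agent. The file path `~/.ssh/agent.env`, the function names and the one-hour lifetime are assumptions.

```bash
# Added example, not from the answers. Path, function names and the
# one-hour key lifetime are assumptions; adjust for your environment.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Load the saved output of `ssh-agent -s`. That output is shell code
# (SSH_AUTH_SOCK=...; export ...; echo Agent pid N;), so only source a
# file that this user owns.
load_agent_env() {
    [ -r "$AGENT_ENV" ] && [ -O "$AGENT_ENV" ] || return 1
    . "$AGENT_ENV" >/dev/null   # discard the "Agent pid" echo
}

# True if the agent named by SSH_AUTH_SOCK answers.
# ssh-add -l exits 0 (keys listed) or 1 (no keys) when it can reach the
# agent, and 2 when it cannot.
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Reuse a running agent, or start one and save its variables.
# -t 3600 makes the agent drop each key one hour after it is added.
ensure_agent() {
    if load_agent_env && agent_alive; then
        return 0
    fi
    # umask 077 keeps the saved environment file private to this user.
    ( umask 077 && ssh-agent -s -t 3600 > "$AGENT_ENV" ) || return 1
    load_agent_env
}

# Typical use from ~/.profile:
#   ensure_agent
```

Keys added later with `ssh-add` inherit the one-hour default unless `ssh-add -t` sets a different lifetime.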