Man Page for Ssh-Remote-Agent

Typical Ssh-agent Usage Diagram

Ssh-Remote-Agent Usage Diagram

Notes for SRD Testing of Ssh-Remote-Agent

This is an introduction to the ssh-remote-agent program. It lets you authenticate to other Linux machines using a private key stored on a remote Linux machine, analogous to using ssh with ssh-agent (Manual Page for ssh-agent) (Example Use of ssh-agent).

The ssh-remote-agent client and server programs are installed on the pkirack machines in the /usr/local/bin directory. For testing purposes, pkirack2 is designated as the 'home' machine, pkirack1 is the 'secure key-server' machine, and pkirack3 & 4 are the 'remote' machines.

Using ssh-remote-agent

  1. Log onto your 'home' machine, for this test pkirack2, using your Kerberos login. Type the 'kdestroy' command to get rid of your Kerberos tickets, which forces logins to use either passwords or the forwarded authentication socket.

  2. Start the agent forwarding server on the 'secure' machine [pkirack1] using this command:

    ssh-remote-agent -s pkirack1
          

    Other command options are: -l to list the key, -k to kill the server, -d to delete the keypair, -h to print the command usage, or -n to generate a new key pair.

    If a key pair doesn't exist on the secure machine, a new key pair is automatically generated. The RSA keys are stored in the .ssh/ssh-remote-agent subdirectory on the key-server machine.

    This command also starts the client on the home machine, which authenticates using the private key connection to the secure machine. Commands to set up the environment variable SSH_AUTH_SOCK are printed. The ssh, ssh-copy-id, and ssh-add programs use this variable to locate the authorization service. To export the SSH_AUTH_SOCK variable to your shell, cut and paste the printed export line into your terminal window, for example:

    export SSH_AUTH_SOCK=/tmp/ssh-tMV0vC0SZC/agent.18308

    This socket directory and file name are only examples and will be different for each instance of ssh-remote-agent.

    Alternatively, use this command to automatically export the SSH_AUTH_SOCK variable to your terminal shell:

    eval `ssh-remote-agent -s pkirack1`

  3. The new keys can now be used to access the remote machine. To use the keys for authenticating to a remote Linux machine, you need to export the public key to another machine, either pkirack3 or pkirack4 (actually any machine that you have an account on and that allows RSA keys for ssh), using the ssh-copy-id program:

    ssh-copy-id pkirack4

    This adds the public key to the .ssh/authorized_keys file.

  4. Here are several example commands you can use to see if the authentication connection is working properly:

    ssh pkirack4 'w; last|head; uname -a'
    ssh-add -l
    ssh-add -L

    While the programs are fairly robust, sometimes they get bollixed up. In this case it's best to leave the processes running and IM joe_muggli@yahoo or email me.

  5. You can stop the ssh-remote-agent and remote processes before logging out by using:

    ssh-remote-agent -k

    The processes will time out after ten minutes.
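
Step 2's eval form executes whatever the command prints. The following is an added example, not part of ssh-remote-agent or these notes, that accepts only a single export line shaped like the one shown above and checks the socket and its directory before exporting. The function names are hypothetical, and the output format is assumed from the example line on this page.

```shell
#!/bin/sh
# Added example; not part of ssh-remote-agent. Function names are hypothetical.
# Assumes the agent prints a line shaped like the one shown on this page:
#   export SSH_AUTH_SOCK=/tmp/ssh-tMV0vC0SZC/agent.18308

# Read agent output on stdin; print the socket path, or fail.
parse_auth_sock() {
    # Accept only lines that are exactly one export of a plain /tmp/ssh-*/agent.N path.
    matches=$(grep -E '^export SSH_AUTH_SOCK=/tmp/ssh-[A-Za-z0-9]+/agent\.[0-9]+;?$') || return 1
    # More than one candidate is ambiguous; refuse rather than guess.
    [ "$(printf '%s\n' "$matches" | grep -c .)" -eq 1 ] || return 1
    path=${matches#"export SSH_AUTH_SOCK="}
    printf '%s\n' "${path%;}"
}

# True if the directory holding socket path $1 is a real directory,
# owned by the current user, with mode 700.
sock_dir_is_private() {
    dir=$(dirname -- "$1")
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ -O "$dir" ] || return 1
    # ls -ld prints the mode string first, e.g. drwx------
    mode=$(ls -ld -- "$dir" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}

# Validate agent output passed as $1, then export SSH_AUTH_SOCK.
# Usage in place of eval (run in the current shell, not in a pipeline):
#   out=$(ssh-remote-agent -s pkirack1) && adopt_auth_sock "$out"
adopt_auth_sock() {
    sock=$(printf '%s\n' "$1" | parse_auth_sock) \
        || { echo "unexpected agent output, not exporting" >&2; return 1; }
    [ -S "$sock" ] \
        || { echo "$sock is not a socket" >&2; return 1; }
    sock_dir_is_private "$sock" \
        || { echo "directory of $sock is not private to this user" >&2; return 1; }
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
}

# Constructed demo using the example line from this page.
printf '%s\n' 'export SSH_AUTH_SOCK=/tmp/ssh-tMV0vC0SZC/agent.18308' | parse_auth_sock
```

After adopt_auth_sock succeeds, ssh-add -l from step 4 confirms that the agent behind the socket answers.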