SVN+SSH, not having to do ssh-add every time? (Mac OS)
I know the answer is out there, but I'm pretty Unix-dumb and probably wouldn't recognize the solution if it hit me in the face.
I'm on a Mac, connecting to a SVN serve开发者_Python百科r via SSH tunneling. I have to ssh-add privateKey.txt
every time I want to connect to the SVN server (Both Cornerstone and Xcode are connecting to SVN).
Is there a way to "save" the key somewhere so I don't have to do this every time? Add it to my Keychain? Some config file? Start up script?
First, move your private key file into ~/.ssh
. This is not strictly necessary but it's the standard place for such things.
Then run ssh-add -K ~/.ssh/privateKey.txt
. It'll prompt for your passphrase if necessary, then add it to your Keychain.
After that, you shouldn't have to do anything else. A slightly longer explanation is available here.
Storing Passphrases in the Keychain
To store the passphrase for your default key in the Keychain open a Terminal and run:
ssh-add -K
And to store the passphrase for a different key run:
ssh-add -K /path/to/private/key/file
When prompted for your passphrase enter it and that is it.
You will never need to run ssh-add nor enter your passphrase again.
Answer taken from this site: http://www-uxsup.csx.cam.ac.uk/~aia21/osx/leopard-ssh.html
After much exploration, I think I've found the answer to this issue completely. First, make sure you do ssh-add -K ~/.ssh/your_key_here
. This adds the key to your keychain. Some places, I have read that this is enough, but I wasn't certain. This is also mac-specific, so if you need to do this on another unix flavor, you won't have this option necessarily.
For good measure, I edited the ~/.ssh/config
file (you may have to create it) to point to all the keys I have. Mine has the following:
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
IdentityFile ~/.ssh/my_other_identity_here
IdentityFile ~/.ssh/yet_another_identity_here
According to the man page for ssh_config, it will try these in order. I'm not sure if the first three default ones I have listed need to be there, but I have included them anyway.
Since macOS 10.12.2 you can use the UseKeychain
option.
Read more here or look into man ssh_config
.
UseKeychain
On macOS, specifies whether the system should search for passphrases in the user's keychain
when attempting to use a particular key. When the passphrase is provided by the user, this
option also specifies whether the passphrase should be stored into the keychain once it has
been verified to be correct. The argument must be ``yes'' or ``no''. The default is ``no''.
So just do the following:
echo "UseKeychain yes" >> ~/.ssh/config
I don't have much experience with macs, so not sure if this version is ok for your, but have a look at http://www.phil.uu.nl/~xges/ssh/
If this particular app doesn't work, that's what you're looking for anyways - ssh agent
. On unix-like boxes, you'd want to start your whole window manager through that, to get the global effect, but it might not be possible in osx.
Some more info: http://www-uxsup.csx.cam.ac.uk/~aia21/osx/leopard-ssh.html
sshkeychain is one possibility. installs fine with macports using:
sudo port install sshkeychain
it uses the keychain to store passwords, and you may simply launch it at the start-up of your login session (using at the first launch the usual right-ght click in the dock's icon + "launch at startup")
Note that Apple's svn uses keychain to store passwords but not necessarily the svn binary you would build with macports.
Add your key to the keychain by running:
ssh-add -K ~/.ssh/id_rsa
and edit your ssh config (~/.ssh/config
) file to automatically load keys from the key chain to the ssh-agent (AddKeysToAgent yes
option) and store passphrases in the keychain (UseKeychain yes
option):
Host *
AddKeysToAgent yes
UseKeychain yes
精彩评论