<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000000">
Chris G wrote:
<blockquote cite="mid:20080504081846.GA2324@th-shell-1" type="cite">
<pre wrap="">On Sun, May 04, 2008 at 04:04:32AM -0400, Cliff wrote:
<pre wrap=""> Should be fine. As I said ssh-agent gets installed when you install ssh.
However, if you are not using a service whether ssh or whatever then it
is probably best to turn it off.
You probably can't turn it off, not in any sort of proper
configuration driven way anyway. I wanted to turn it off on my system
and it appears to be hard coded into the xdm/gdm/kdm startup scripts.
ssh-agent will be started if it exists, you'd have to edit the scripts
to stop it.
For my situation ssh-agent is pointless, my desktop stays up all day
(both at home and at work) so once a password is entered into
ssh-agent anyone walking up to my machine can use the remote ssh logins.
Hence I just set up for passwordless login (i.e. public key) and
ignore ssh-agent, all ssh-agent does is add more hassle.
Here is what I found:
SSH Agent is a graphical front-end to some of the OpenSSH tools
included with Mac OS X. Specifically, it allows you to start an
ssh-agent, generate identities, and add identities to an agent.
Additionally, it allows you to make the ssh-agent global so that, e.g.,
Xcode can use it to do version control over SSH, and it has some
functionality to set-up a secure tunnel.
This is the website I got it from: <a class="moz-txt-link-freetext" href="http://www.phil.uu.nl/~xges/ssh/">http://www.phil.uu.nl/~xges/ssh/</a>
See also: <a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Ssh-agent">http://en.wikipedia.org/wiki/Ssh-agent</a>
From what I understand, you would NOT want to remove it, if I read the
thread right. Granted, it may be a hassle.
It may be protecting your machine, unbeknown to you.
<pre wrap=""><!---->This is what I was trying to explain. I know what ssh-agent does, it
*tries* to make it simpler to use ssh by allowing you to enter the ssh
key once only for a session (as in X session). This means that you
don't have to enter your ssh key every time you use ssh to login to
What I was saying is that this doesn't add any security for me as my
sessions are left on all day (or even more) so once I had started up
and entered my ssh key for the session it's adding no security at all,
anyone with access to my machine could use my ssh connections. My
machines are in relatively secure environments and my ssh connections
don't hide any seriously secret information so I'm quite happy with
the level of (basically physical) security that I have.
For me using ssh public key authentication with no passphrase offers
the same level of security as would using ssh-agent and I don't have
to enter a passphrase at all. If someone has physical access to my
machine then they can see my keys (as I have no passphrase) but if
they have physical access to my machine and I'm running ssh-agent
although they don't get access to my keys they can use the ssh
connections anyway so it makes no significant difference.
ssh-agent is a useful utility in some circumstances but, in my
opinion, doesn't offer me much. It's a pity it can't be turned off
easily, if you don't use it then it does nothing but is one of those
processes that provokes threads like this one - "what's it for?".
Maybe the thread should be killed? <br>
If nothing else, I learned what SSH-AGENT is <span
class="moz-smiley-s1"><span> :-) </span></span><br>