Thursday, December 08, 2005

Using "keychain" for FreeBSD

Keychain is a really neat little application that makes OpenSSH's ssh-agent usable. ssh-agent (which comes with OpenSSH) is a utility program that holds your decrypted private SSH key in memory, so that ssh can authenticate with it whenever it opens a connection. The problem is that you have to start the agent yourself and then load the key into it with ssh-add, which means entering your passphrase. And on top of that, each new login shell gets its own agent, so you end up doing all of that again for every terminal you open.

Keychain takes care of all of that.

Keychain checks for an ssh-agent it started earlier (it records the agent's socket and PID in a small file under "~/.keychain"), and attaches to it if found. Otherwise, it starts a new one and asks you for your passphrase once. Now, whenever you open a new terminal, you won't have to enter your passphrase to use your private key!

This also works for the entire suite of SSH (scp, sftp, etc). So you can have a crontab entry that uses an scp call, and not have to use a key with an empty passphrase! The one caveat is that the cron job has to source the same "~/.keychain" file to find the agent, and the agent only exists after you have logged in once since boot and entered the passphrase; until then the job will fail. That is still a better trade than an unencrypted key sitting on disk, since the key only ever lives in the agent's memory.

Below is a screenshot of keychain being setup on my FreeBSD workstation.


Once you've added your public key to "~/.ssh/authorized_keys" on each remote host, you'll be able to log into your remote account without having to issue any passphrases!

Note: In the screenshot I type "killall keychain" which was wrong. I should've typed "killall ssh-agent".

Now I can log into my remote pine account by simply typing:

ssh -t username@remotehosts.com pine

Very handy.

Oh, and here's how I call keychain from my "~/.bashrc" script:

[p@bsd] ~ $ cat .bashrc
#!/usr/local/bin/bash

. /etc/profile

# start keychain (it finds id_dsa under ~/.ssh) and pull in the agent
# variables it writes to ~/.keychain/<hostname>-sh; the path must be
# absolute, since .bashrc is not always read from the home directory
keychain id_dsa
[ -r ~/.keychain/bsd-sh ] && . ~/.keychain/bsd-sh

alias ls='ls -aFG'
alias pine='ssh -t username@remotehost.org pine'
[p@bsd] ~ $
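For the crontab case mentioned earlier, here is an added example (not from the original post, and not part of keychain itself) of a wrapper script a cron job can call. It reads the agent variables that keychain writes to "~/.keychain/<hostname>-sh", checks that a live agent with a key loaded is actually reachable, and only then runs scp, so an unattended job fails with a clear message instead of hanging on a passphrase prompt. The script name, the backup path and the remote host are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: cron wrapper around scp that
# relies on an ssh-agent started by keychain. Paths and host are placeholders.

# keychain names its variable file after the host, e.g. ~/.keychain/bsd-sh
KEYCHAIN_FILE="${KEYCHAIN_FILE:-$HOME/.keychain/$(uname -n)-sh}"

# load_agent FILE: source keychain's variable file and check that
# SSH_AUTH_SOCK now names an existing Unix socket. Returns 0 on success.
load_agent() {
    _file="$1"
    [ -r "$_file" ] || return 1
    . "$_file"
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# agent_has_key: ssh-add -l exits 0 when the agent holds at least one
# identity, 1 when it is empty and 2 when no agent can be contacted.
agent_has_key() {
    ssh-add -l >/dev/null 2>&1
}

# run_copy SRC DEST: perform both checks, then the copy. Returns 0 only if
# the copy actually ran and succeeded.
run_copy() {
    if ! load_agent "$KEYCHAIN_FILE"; then
        echo "no usable agent in $KEYCHAIN_FILE; log in once so keychain can start one" >&2
        return 1
    fi
    if ! agent_has_key; then
        echo "agent found but no key loaded; run keychain interactively" >&2
        return 1
    fi
    scp -q "$1" "$2"
}

# Only run when invoked as 'cron-scp.sh run' (crontab line such as
# 0 2 * * * $HOME/bin/cron-scp.sh run), so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    run_copy /var/backups/daily.tgz username@remotehost.org:backups/
fi
```

The hostname-based file name is the same one sourced from .bashrc above; setting KEYCHAIN_FILE in the crontab environment overrides it if cron runs with a different idea of the host name.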
