Rudolf Sykora
2013-03-08 18:02:43 UTC
I now see that 9 ssh-agent is really only to deal with passphrases of
the dsa/rsa keys.
Well, I seem to be wrong again. And have more questions...the dsa/rsa keys.
In linux, ssh-agent takes care about an (optional) passphrase which
was used to cypher
the public (and perhaps also private, I believe) keys (so that eg the
admin can't abuse these)
generated by ssh-keygen; these keys are usually stored under $HOME/.ssh.
What do I have to do in order to use "9 ssh-agent" (which uses
factotum) when I have
the keys already generated (and their public parts distributed) by
linux's ssh-keygen?
(Ie I have id_rsa and id_rsa.pub in .ssh; and I use a passphrase.)
Particularly, there is some information given in p9p's rsa(1):
----------------
Convert existing Unix SSH version 2 keys instead of generat-
ing new ones:
cd $HOME/.ssh
pemdecode 'DSA PRIVATE KEY' id_dsa | asn12dsa >dsa2
pemdecode 'RSA PRIVATE KEY' id_rsa | asn12rsa >rsa2
Load those keys into factotum:
cat rsa1 rsa2 dsa2 | 9p write -l factotum/ctl
----------------
but my keys are protected with a passphrase, so these commands do not
directly work. What must I do?
Finally, is there any reason to prefer the factotum way rather than the linux's
way just with ssh-keygen (with a passphrase) + ssh-copy-id + (linux's)
ssh-agent?
Thanks!
Ruda