[csw-maintainers] SSH keys and security on the buildfarm

Wed Mar 2 11:26:50 CET 2011

Hi folks,

I have a small snippet here that makes use of passphrases
for the ssh key pretty easy:

1. Set passphrase on the key
     ssh-keygen -p -f .ssh/id_dsa

2. Add this to your .zshrc (or the respective file for your favorite shell):

# executed for interactive shells
if [ "x$HOSTNAME" = "xlogin" ]; then
  if [ -f ~/.ssh-agent ]; then
    source ~/.ssh-agent
  fi

  if [ -z "$SSH_AUTH_SOCK" -o ! -w "$SSH_AUTH_SOCK" ]; then
    if read -q '?Start ssh-agent? (y/n) '; then
        ssh-agent -s >~/.ssh-agent              && \
            source ~/.ssh-agent                 && \
            ssh-add
    fi
  fi
fi

3. Make sure the ssh agent information is forwarded to trusted machines
   (echo "Host current*"; echo "\tForwardAgent yes") >> ~/.ssh/config

This is also documented at the bottom of
  http://wiki.opencsw.org/buildfarm

Best regards

  -- Dago