ssh-agent caches your decrypted private keys so you don't have to
type in your passphrase every time you ssh, only when you first
log in. There are some limitations that keep us from using it by itself,
such as cron jobs that run when you're not logged in.
To learn more about ssh-agent and its limitations, read Daniel
Robbins' article at IBM.
keychain is an ssh-agent front-end. It keeps a copy of ssh-agent
running all the time, even when you log out. Useful for cron. I
am not going to explain how ssh-agent and keychain work. The article
linked above has an excellent explanation.
This installation comes with SSH enabled. ssh-agent comes
with SSH.
I am currently using DSA authentication. Create a DSA key pair
and copy the public key to the server you need to access.
as $USER
$ ssh-keygen -t dsa
enter passphrase
again
$ scp ~/.ssh/id_dsa.pub remotehost:~/.ssh/authorized_keys2
actually, append it to the end
if ~/.ssh/authorized_keys2 already exists
Install keychain
as root
# cd /usr/ports/security/keychain
# make install
as $USER
$ vi ~/.bash_profile
/usr/local/bin/keychain /home/$USER/.ssh/id_dsa
source /home/$USER/.keychain/[hostname]-sh >/dev/null
~/.bash_profile is run every time you log in.
The first line loads keychain and points to the private key to cache. You
will be prompted for the passphrase if this is the first time you log in or
if for some reason the ssh-agent process was stopped (the server lost power).
The second line sets the environment variables needed by ssh-agent to perform
its function.
log out, log in, enter passphrase
or
source ~/.bash_profile, enter passphrase
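
For the cron case mentioned above, a job should confirm that the agent is still running and holds a key before it calls ssh, and should not source a file that someone else could have modified. The wrapper below is an added example, not part of the original instructions; it assumes keychain's file is at ~/.keychain/$(hostname)-sh, and the script name with-agent.sh and the remote command are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): wrapper for cron jobs that
# rely on the ssh-agent that keychain keeps running.
# Assumption: keychain wrote its environment file to ~/.keychain/<hostname>-sh.

# keychain_file_ok FILE
# The file is sourced as shell code, so accept it only if it is a regular
# file owned by the current user and not writable by group or others.
keychain_file_ok() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# agent_ready FILE
# Returns 0  agent reachable with at least one key loaded
#         1  environment file missing or unsafe to source
#         2  no agent socket (agent gone, e.g. after a reboot)
#         3  agent not answering, or it holds no keys
agent_ready() {
    keychain_file_ok "$1" || return 1
    unset SSH_AUTH_SOCK SSH_AGENT_PID   # ignore stale values from the caller
    . "$1" >/dev/null
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 2
    ssh-add -l >/dev/null 2>&1 || return 3
    return 0
}

# Stand-alone use from a crontab (path and remote command are placeholders):
#   0 3 * * * /home/USER/bin/with-agent.sh ssh -o BatchMode=yes remotehost uptime
if [ "$#" -gt 0 ]; then
    if agent_ready "$HOME/.keychain/$(hostname)-sh"; then
        exec "$@"
    else
        rc=$?
        echo "with-agent: agent not usable (code $rc), not running: $*" >&2
        exit "$rc"
    fi
fi
```

BatchMode=yes makes ssh fail instead of waiting for a passphrase prompt that nobody is there to answer. A non-zero exit from the wrapper means someone has to log in and enter the passphrase again.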