SSH Agent

The SSH Agent handler lets the Secretless Broker replace ssh-agent by providing similar functionality over a socket without exposing keys. Once it is running, set SSH_AUTH_SOCK to the path of the listener socket that this handler targets.

Credentials

| Option | Description | Required? |
|---|---|---|
| rsa or ecdsa | RSA or ECDSA private key | Required |
| comment | Free-form string | Optional |
| lifetime | If not 0, the number of seconds the agent will store the key | Optional |
| confirm | Confirms with user before using, if true | Optional |

Example

 
listeners:
  - name: ssh_agent_listener
    protocol: ssh-agent
    socket: /sock/.agent
handlers:
  - name: ssh_agent_handler
    listener: ssh_agent_listener
    credentials:
      - name: rsa
        provider: file
        id: /id_rsa

With the Secretless Broker running this configuration, use it in place of ssh-agent by exporting SSH_AUTH_SOCK:

 
$ export SSH_AUTH_SOCK=/sock/.agent
 