SSH Agent

The SSH Agent service authenticator enables the Secretless Broker to replace ssh-agent by providing similar functionality over a socket without exposing keys. Once the broker is running, export SSH_AUTH_SOCK set to the path of the socket this authenticator listens on.

Credentials

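| Option       | Description                                                  | Required? |
|--------------|--------------------------------------------------------------|-----------|
| rsa or ecdsa | RSA or ECDSA private key                                     | Required  |
| comment      | Free-form string                                             | Optional  |
| lifetime     | If not 0, the number of seconds the agent will store the key | Optional  |
| confirm      | Confirms with user before using, if true                     | Optional  |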

Example

 

version: "2"
services:
  ssh:
    protocol: ssh-agent
    listenOn: unix:///sock/.agent
    credentials:
      rsa:
        from: file
        get: /id_rsa

With the Secretless Broker running this configuration, use it in place of ssh-agent by exporting SSH_AUTH_SOCK:

 
$ export SSH_AUTH_SOCK=/sock/.agent
 