ohmyzsh/plugins/ssh-agent/README.md

3.5 KiB

ssh-agent plugin

This plugin starts automatically ssh-agent to set up and load whichever credentials you want for ssh connections.

To enable it, add ssh-agent to your plugins:

plugins=(... ssh-agent)

Settings

IMPORTANT: put these settings before the line that sources oh-my-zsh

agent-forwarding

To enable agent forwarding support add the following to your zshrc file:

zstyle :omz:plugins:ssh-agent agent-forwarding yes

helper

To set an external helper to ask for the passwords and possibly store them in the system keychain use the helper style. For example:

zstyle :omz:plugins:ssh-agent helper ksshaskpass

identities

To load multiple identities use the identities style (this has no effect if the lazy setting is enabled). For example:

zstyle :omz:plugins:ssh-agent identities id_rsa id_rsa2 id_github

NOTE: the identities may be an absolute path if they are somewhere other than ~/.ssh. For example:

zstyle :omz:plugins:ssh-agent identities ~/.config/ssh/id_rsa ~/.config/ssh/id_rsa2 ~/.config/ssh/id_github
# which can be simplified to
zstyle :omz:plugins:ssh-agent identities ~/.config/ssh/{id_rsa,id_rsa2,id_github}

lazy

To NOT load any identities on start use the lazy setting. This is particularly useful when combined with the AddKeysToAgent setting (available since OpenSSH 7.2), since it allows to enter the password only on first use. NOTE: you can know your OpenSSH version with ssh -V.

zstyle :omz:plugins:ssh-agent lazy yes

You can enable AddKeysToAgent by passing -o AddKeysToAgent=yes to the ssh command, or by adding AddKeysToAgent yes to your ~/.ssh/config file [1]. See the OpenSSH 7.2 Release Notes.

lifetime

To set the maximum lifetime of the identities, use the lifetime style. The lifetime may be specified in seconds or as described in sshd_config(5) (see TIME FORMATS). If left unspecified, the default lifetime is forever.

zstyle :omz:plugins:ssh-agent lifetime 4h

quiet

To silence the plugin, use the following setting:

zstyle :omz:plugins:ssh-agent quiet yes

ssh-add-args

To pass arguments to the ssh-add command that adds the identities on startup, use the ssh-add-args setting. You can pass multiple arguments separated by spaces:

zstyle :omz:plugins:ssh-agent ssh-add-args -K -c -a /run/user/1000/ssh-auth

These will then be passed the ssh-add call as if written directly. The example above will turn into:

ssh-add -K -c -a /run/user/1000/ssh-auth <identities>

For valid ssh-add arguments run ssh-add --help or man ssh-add.

Powerline 10k specific settings

Powerline10k has an instant prompt setting that doesn't like when this plugin writes to the console. Consider using the following settings if you're using p10k (documented above):

zstyle :omz:plugins:ssh-agent quiet yes
zstyle :omz:plugins:ssh-agent lazy yes

macOS specific settings

macOS supports using passphrases stored in the keychain when adding identities to the ssh-agent.

ssh-add --apple-use-keychain ~/.ssh/id_rsa ...

This plugin can be configured to use the keychain when loading using the following:

zstyle :omz:plugins:ssh-agent ssh-add-args --apple-load-keychain

Credits

Based on code from Joseph M. Reagle: https://www.cygwin.com/ml/cygwin/2001-06/msg00537.html

Agent-forwarding support based on ideas from Florent Thoumie and Jonas Pfenniger