How to use the command 'keychain' (with examples)
The keychain command is a tool that allows you to re-use SSH and GPG agents between logins. It helps to manage these agents and provides various options to list active keys, add timeouts, and more. This article will illustrate each of the following use cases for the keychain command.
Use case 1: Check for a running ssh-agent and start one if needed
Code:
keychain
Motivation: This use case is useful when you want to check whether an ssh-agent is already running and start one if it is not. The ssh-agent holds your decrypted SSH private keys in memory and answers authentication requests when you connect to remote servers, so the keys themselves never have to be re-read or re-decrypted for each connection. By using this command, you can ensure that the agent is running before executing any SSH commands.
Explanation: The command keychain without any additional arguments checks for a running ssh-agent and starts one if it is not already running.
Example output:
Starting ssh-agent...
SSH_AUTH_SOCK=/tmp/ssh-Z2LfVTzQQ6aV/agent.5257; export SSH_AUTH_SOCK;
SSH_AGENT_PID=5258; export SSH_AGENT_PID;
echo Agent pid 5258;
Use case 2: Check for gpg-agent and ssh-agent simultaneously
Code:
keychain --agents "gpg,ssh"
Motivation: In some cases, you may want to check for both gpg-agent and ssh-agent at the same time. The gpg-agent is responsible for storing GnuPG keys and providing them for cryptographic operations. By specifying both agents, you can ensure that both are running before performing any operations that require them.
Explanation: The --agents option is used to specify the agents to check for. In this case, we are checking for both the gpg and ssh agents. The gpg agent is used for GnuPG keys, and the ssh agent is used for SSH keys.
Example output:
Starting gpg-agent...
GPG_AGENT_INFO=/tmp/gpg-kKD2iv/S.gpg-agent:29959:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/ssh-Z2LfVTzQQ6aV/agent.5257; export SSH_AUTH_SOCK;
SSH_AGENT_PID=5258; export SSH_AGENT_PID;
echo Agent pid 5258;
Use case 3: List signatures of all active keys
Code:
keychain --list
Motivation: Sometimes, it is helpful to see the signatures of all active keys stored in the agent. This can be useful when debugging or verifying which keys are currently loaded.
Explanation: The --list option is used to list all the signatures of the active keys in the agent.
Example output:
00000000000000000000000000000000 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0...
Use case 4: List fingerprints of all active keys
Code:
keychain --list-fp
Motivation: When dealing with multiple keys, it might be necessary to identify them by their fingerprints. Listing the fingerprints of active keys helps in quickly identifying the desired key.
Explanation: The --list-fp option is used to list the fingerprints of all the active keys in the agent.
Example output:
SHA256:GzgoKSL6WqHh+3UOqWzINIH67p3f1DcRagUaHhz5B/o
Use case 5: Add a timeout for identities added to the agent, in minutes
Code:
keychain --timeout minutes
Motivation: Adding a timeout to identities added to the agent ensures that they are automatically removed after a certain period. This can enhance security by reducing the time period during which an agent holds sensitive keys.
Explanation: The --timeout option specifies, in minutes, how long the identities that keychain adds to the agent remain loaded. After the specified timeout period the agent removes them automatically, so a forgotten login session does not keep usable keys in memory indefinitely.
Example output: (No output. The timeout is set successfully.)
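As an added example (not from the original article), the following POSIX sh snippet shows how a login shell consumes the lines keychain prints in the outputs above: it parses SSH_AUTH_SOCK and SSH_AGENT_PID, checks that the agent they name is actually alive before ssh is used, and wraps the usual profile invocation with --timeout from use case 5. The --eval and --quiet options are real keychain options not covered above, the key path is a placeholder, and the sample output is constructed from the format shown on this page.

```shell
#!/bin/sh
# Added example, not from the original article. It consumes the export lines
# keychain prints (see the example outputs above) and verifies the agent they
# name before any ssh command relies on it.
# Assumptions: --eval and --quiet are real keychain options not covered above;
# the key path is a placeholder; start_agent needs keychain and ssh-agent installed.

# Constructed sample of keychain's output, copied from the format shown on this page.
SAMPLE_OUTPUT='Starting ssh-agent...
SSH_AUTH_SOCK=/tmp/ssh-Z2LfVTzQQ6aV/agent.5257; export SSH_AUTH_SOCK;
SSH_AGENT_PID=5258; export SSH_AGENT_PID;
echo Agent pid 5258;'

# keychain_var VAR OUTPUT: print the value from the "VAR=value; export VAR;" line.
# Prints nothing when OUTPUT has no such line (e.g. GPG_AGENT_INFO with --agents ssh).
keychain_var() {
    printf '%s\n' "$2" | sed -n "s/^$1=\([^;]*\); export $1;.*/\1/p" | head -n 1
}

# agent_is_live SOCK PID: succeed only if SOCK is a unix socket and PID is a
# process we may signal. Stale values from an earlier login (agent killed at
# logout, socket left behind in /tmp) fail this check instead of being trusted.
agent_is_live() {
    [ -n "$1" ] && [ -S "$1" ] && [ -n "$2" ] && kill -0 "$2" 2>/dev/null
}

# output_agent_is_live OUTPUT: parse keychain output, then verify the agent it names.
output_agent_is_live() {
    oal_sock=$(keychain_var SSH_AUTH_SOCK "$1")
    oal_pid=$(keychain_var SSH_AGENT_PID "$1")
    agent_is_live "$oal_sock" "$oal_pid"
}

# start_agent [KEY]: what a line in ~/.profile would do. keychain starts or
# re-attaches to ssh-agent, loads KEY, and lets the identity expire after 60
# minutes (--timeout, use case 5). --eval prints the export lines to stdout so
# this shell can source them; the result is checked before returning success.
start_agent() {
    sa_key="${1:-$HOME/.ssh/id_ed25519}"   # placeholder key path
    sa_out=$(keychain --eval --quiet --agents ssh --timeout 60 "$sa_key") || return 1
    eval "$sa_out"
    agent_is_live "$SSH_AUTH_SOCK" "$SSH_AGENT_PID"
}
```

In a profile, `start_agent || echo "ssh-agent not available" >&2` makes a dead or missing agent visible at login instead of surfacing later as a confusing "Permission denied (publickey)".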
Conclusion:
The keychain command is a handy tool for managing SSH and GPG agents. It allows you to start agents if needed, check for specific agents, list active keys, set timeouts, and more. By understanding and utilizing the various use cases of this command, you can optimize your workflows and enhance the security of your key management.