Using the Agent

SecureCRT


Overview

Agents are programs that work in the background gathering information or performing small processing tasks. In SecureCRT, the implemented agent temporarily holds private keys for use with public-key authentication to multiple remote hosts.

Public-key authentication uses a public-private key pair (a pair of keys used with RSA or DSA authentication) to log on to a Secure Shell server. Authentication is the process of verifying that an individual truly is who he or she claims to be; supplying a password is a very common method, and the most secure method supported in SecureCRT is public-key authentication. After you create your public-private key pair, you store your private key on your local machine and transfer your public key to the remote host to which you want to connect. If you want to connect to more than one remote machine, you must transfer your public key to each machine. The public key is usually kept in a file named Identity.pub, which is then transferred to the remote SSH server and appended to the user's authorized_keys file. Another file, usually named identity, contains both the public key and the corresponding private key; this file is kept on the local machine and is used by SecureCRT with public key or RSA authentication methods.

Many users choose to encrypt their private key with a passphrase, a password used to protect a private key from unauthorized use. It is recommended that a passphrase be assigned to all private keys to prevent unauthorized use, especially in environments where multiple individuals have access to the machine on which the private key files are stored. When using public-key authentication, a private key with an assigned passphrase will not be available if the correct passphrase is not supplied during the authentication process. To log on to all the machines in the example below, you would have to enter your passphrase three times, once each time you made a connection, even if the machines use the same public-private key pair.

Figure: Connecting to Multiple Hosts

If you use the SecureCRT agent, however, you only have to enter your passphrase when making the first connection. The agent holds your decrypted private key and authenticates any further connections to machines using the same public-private key pair.

Agent Forwarding

Agent forwarding uses the agent to connect to a remote machine through another remote machine (see the figure below).

Figure: Connecting Through a Remote Host

To connect to the destination machine without using the agent, you would have to transfer your public key to both the intermediate and destination hosts and you would have to store your private key on the intermediate machine as well as on your local machine.

When the agent is enabled, it acts as your proxy in authenticating to the destination host, which allows you to keep your private key on just the local machine.

Note: Agent forwarding will only work if all intermediate machines are OpenSSH agent protocol servers running SSH2 (the second version of the SSH protocol, which provides a way to encrypt network traffic between a client and a server, with a slightly different set of security features than the SSH1 protocol provides). Destination servers must be running SSH2 but do not have to be OpenSSH agent protocol servers.

Enabling the Agent

To enable the agent options, follow these steps:

1.   On the local machine, start SecureCRT.

2.   Open the Global Options dialog, and select the SSH2 category.

3.   To enable the SSH2 Agent, check the Add keys to agent check box in the Advanced group.

4.   To enable agent forwarding on a global basis, check the Enable OpenSSH agent forwarding check box in the Advanced group and click on the OK button to save your settings.

5.   To enable agent forwarding on a per-session basis, open the Session Options dialog and select the SSH2/Advanced category. Check the Enable OpenSSH agent forwarding check box in the Options group and click on the OK button to save your settings. This is a tri-state option; if it is set to the tri-state value (square), the setting from the Global Options/SSH2 category will be used.

Flushing the Agent Cache

To delete the public keys from the agent's cache, you will need to assign the SSH_FLUSH_AGENT command to a specified keyboard key. You can do this by following these steps:

1.   From the Tools menu, select Keymap Editor...

2.   In the Keymap Editor, select the key that you want to associate with the SSH_FLUSH_AGENT command. This should be a key that is not already assigned or frequently used, such as F2 or F11.

3.   Press the Map Selected Key... button to open the Map Selected Key dialog.

4.   From the Function list, select SSH Function.

5.   From the SSH Function list, select SSH_FLUSH_AGENT and click the OK button.

6.   Save the keymap that you created and close the Keymap Editor.

7.   Restart SecureCRT using the new keymap.

8.   Press the key you chose to flush the agent cache.

Note: There will be no feedback letting you know that the agent cache has been flushed, except that the previously cached public keys will no longer work.
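The following added example (not SecureCRT code) models the three behaviours described above with OpenSSH agent protocol frames: the agent answers repeated sign requests from memory, an intermediate host relays those frames without ever receiving the private key, and a flush leaves the agent unable to sign. Assumptions: ToyAgent, forward and the key material are hypothetical, an HMAC stands in for the real RSA/DSA signature so that only the standard library is needed, and the flush is modelled as the protocol's remove-all-identities request, since the page does not say how SSH_FLUSH_AGENT is implemented.

```python
import hashlib, hmac, struct

# Message numbers from the OpenSSH agent protocol.
FAILURE, SUCCESS = 5, 6
REQUEST_IDENTITIES, IDENTITIES_ANSWER = 11, 12
SIGN_REQUEST, SIGN_RESPONSE, REMOVE_ALL_IDENTITIES = 13, 14, 19

def sstr(b):  # SSH string: uint32 length followed by the bytes
    return struct.pack(">I", len(b)) + b

def frame(msg_type, payload=b""):  # uint32 length, one type byte, payload
    return struct.pack(">IB", len(payload) + 1, msg_type) + payload

def read_str(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

class ToyAgent:
    """Hypothetical agent: decrypted keys stay in this object's memory."""
    def __init__(self):
        self.keys = {}  # public blob -> (private secret, comment)

    def handle(self, request):
        (length,) = struct.unpack_from(">I", request)
        msg_type, body = request[4], request[5:4 + length]
        if msg_type == REQUEST_IDENTITIES:
            out = struct.pack(">I", len(self.keys))
            for blob, (_, comment) in self.keys.items():
                out += sstr(blob) + sstr(comment)  # public data only
            return frame(IDENTITIES_ANSWER, out)
        if msg_type == SIGN_REQUEST:
            blob, off = read_str(body, 0)
            data, _ = read_str(body, off)
            if blob not in self.keys:
                return frame(FAILURE)
            # Assumption: HMAC stands in for the real RSA/DSA signature.
            sig = hmac.new(self.keys[blob][0], data, hashlib.sha256).digest()
            return frame(SIGN_RESPONSE, sstr(sig))
        if msg_type == REMOVE_ALL_IDENTITIES:
            self.keys.clear()  # flush: nothing left to sign with
            return frame(SUCCESS)
        return frame(FAILURE)

def forward(agent, request, seen):
    """Intermediate host: relays frames and sees only this traffic."""
    reply = agent.handle(request)
    seen += [request, reply]
    return reply
```

The relay never holds the key, but it can obtain signatures from the agent for as long as the forwarded connection is open, which is the practical reason to prefer the per-session forwarding option over the global one for hosts you do not fully control.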