View Single Post
Old 06-25-2009, 11:34 AM
mdella's Avatar
mdella mdella is offline
Registered User
Join Date: Mar 2004
Location: Scotts Valley, CA
Posts: 44
Already saw the post you referenced for finding the management of keys. However could not figure it out at all which prompted this email to begin with. Been going through menus and icons, etc. Nothing has popped up for me to figure this out.

So to answer a few of *your* question...

1. Why would I want to have differing order of keys...

I operate in an applogic environment (virtual environment with roots, managers, users, etc throughout). Depending on which aspect of the environment I try to log into to, I want it to try my "user" key first and log me in as a user on that machine. If that machine doesn't support user logins (these change all the time, its a virtual environment) then I want it to use my maintainer key. If the maintainer key doesn't work, then I need to use the root key for physical machine management.

If I do this in the wrong order, then I end up logging in as the wrong account and am given the wrong shell which could potentially be devistating if I do a physical command on a virtual machine or vice versa.

2. Why would I want to temporarily disable a key.

Look above. If I need to get out of a machine (virtual) and get back into it (maintainer) then I want to temporarly disable the user key so that it goes through the remainder of the list for that machine.

One thing that has been suggested is to create different login accounts on the session list, however as I mentioned, this is a virtual environment that constantly changes (well, once a week) so there are only a few entry points that virtually change into different OSs, pieces, etc. So I use a semi-complicated login piece to also manage what to do once on. Since its always changing, its a constant pain to keep changing names/ips of the entry point. Its hard enough to do this for one session account all the time much less three versions of the session account to handle three different entry methods.

3. Since I typically have 8-12 securecrt windows open at any one time with different environments, I want to know what keys I'm using at any one time in which environment. In the past, I never used the agent so this wasnt a problem, however in the "virtual" environments, agent key passing happens a LOT so I've started using this as I've gotten tired of entering my password over and over and over and...

Since I have so many open, the key ring never gets flushed when I'm done with one virtual environment and working on another. I then still have keys on my ring floating around for request which I don't want in some of these environments (since other customers have access to the localized ssh-agent as root within their containerized environments). This also leads to me wanting to know when my keys are asked for. If I'm doing something, no big deal. If I'm not doing something and the keys are requested, I'd like to know which sub-agent is pulling the keys.

I also have many X11 windows open as well through this environment so stopping securecrt to "flush" the agent list just really isn't possible. Some of these will be up and open for days or (if my machine doesn't crash) weeks.

As you can guess, the key ring can get loaded up with a LOT of keys for various environments so anything that can allow for realtime management of this list (add, delete, move position, how many requests, passes/fails, etc)

Does this help with your questions?

Marcos (beta tester since v2.0 :-)
Marcos Della
Data Center Cloud Architect

PGP Fingerprint: BDC7 AFFD E94F FA09 C839 9153 F5FF E128 3094 2B9E
Key ID: 0x30942B9E
Reply With Quote