Overview
Agents are programs that work in the background gathering information or performing small processing tasks. In SecureCRT, the implemented agent temporarily holds private keys for use with public-key authentication to multiple remote hosts.
Public-key authentication uses a public-private key pair to log on to a Secure Shell server . After you create your public-private key pair, you store your private key on your local machine and transfer your public key to the remote host to which you want to connect. If you want to connect to more than one remote machine, you must transfer your public key to each machine. Many users choose to encrypt their private key with a passphrase . To log on to all the machines in the example below, you would have to enter your passphrase three times; once each time you made a connection , even if the machines use the same public-private key pair.
Connecting to Multiple Hosts
If you use the SecureCRT agent, however, you only have to enter your passphrase when making the first connection. The agent holds your decrypted private key and authenticates any further connections to machines using the same public-private key pair.
Agent Forwarding
Agent forwarding is using the agent to connect to a remote machine through another remote machine (see the figure below).
Connecting Through a Remote Host
To connect to the destination machine without using the agent, you would have to transfer your public key to both the intermediate and destination hosts and you would have to store your private key on the intermediate machine as well as on your local machine.
With the agent enabled, it acts as your proxy in authenticating to the destination host and allows you to keep your private key on just the local machine.
Note: Agent forwarding will only work if all intermediate machines are OpenSSH agent protocol servers running SSH2 . Destination servers must be running SSH2 but do not have to be OpenSSH agent protocol servers.
Enabling the Agent
To enable the agent options follow these steps:
1. On the local machine, start SecureCRT.
2. Open the Global Options dialog, and select the SSH2 category.
3. To enable the SSH2 Agent, check the Add keys to agent check box in the Advanced group.
4. To enable agent forwarding on a global basis, check the Enable OpenSSH agent forwarding check box in the Advanced group and click on the OK button to save your settings.
5. To enable agent forwarding on a per-session basis, open the Session Options dialog and select the SSH2/Advanced category. Check the Enable OpenSSH agent forwarding check box in the Options group and click on the OK button to save your settings. This is a tri-state option; If this option is set to the tri-state value (square), the setting from the Global Options/SSH2 category will be used.
Flushing the Agent Cache
To delete the public keys from the agent's cache you will need to assign the SSH_FLUSH_AGENT command to a specified keyboard key. You can do this by following these steps:
1. From the Tools menu, select Keymap Editor...
2. Press the Map a Key... button and select the key that you want to associate with the SSH_FLUSH_AGENT command. This should be a key that is not already assigned or frequently used such as F2
or F11
for example.
. From the Function list, select SSH Function.
. From the SSH Function list, select SSH_FLUSH_AGENT and click the OK button.
. Save the keymap that you created and close the Keymap Editor.
. Restart SecureCRT using the new keymap.
. Press the key you chose to flush the agent cache.
Note: There will be no feedback letting you know that the agent cache has been flushed except that the previously cached public keys will not longer work.