Typing SSH passwords again and again can be a real pain. For example: lately I started to use Capistrano to deploy my Rails applications. If I want to set up the maintenance page on the server I’ll type cap deploy:web:disable, which of course prompts me for the SSH password. Then I want to deploy my application with cap deploy and will again be prompted for the password. Finally I have to run cap deploy:web:enable to remove the maintenance page, which, as mindful readers might have guessed already, prompts for the password. This was just one reason for me to set up SSH authentication keys. At first I was a little worried that setting it up might be a bit complicated. Luckily I was wrong. If you want to switch to key-based authentication too, follow these simple steps.
Key generation
The first thing you need is, of course, a pair of keys: your private key and the associated public key. To generate both, fire up your favorite shell (for me it’s bash) and type:
ssh-keygen
This will generate both keys and ask you where to store them. Usually the default would be something like ~/.ssh/id_rsa. Simply accept the default by pressing return. Next you’ll have to enter a password for your key and confirm it. Afterwards you have to tell the server to accept your key on authentication. Do so by uploading the public key to the server.
scp ~/.ssh/id_rsa.pub yourserver.com:~/.ssh/authorized_keys
If you want to add multiple keys, be sure to append them to the authorized_keys file and don’t overwrite it.
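One way to do the append safely, as an added example that is not part of the original post: a shell function meant to be run on the server once the .pub file has been copied there. It writes to ~/.ssh/authorized_keys, the file sshd reads by default; the function name append_pubkey, its arguments and the /tmp path in the comment are this example's own assumptions.

```shell
# Added example (not from the original post). Run on the server after
# copying the .pub file there, e.g.: append_pubkey /tmp/id_rsa.pub
append_pubkey() {
    pubfile=$1
    ssh_dir=${2:-$HOME/.ssh}          # second argument is optional
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }

    # Refuse a private key: id_rsa and id_rsa.pub are easy to mix up.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile is a private key; use the .pub file" >&2
        return 3
    fi

    # Take the first non-empty line and require a known public key type.
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "$pubfile is not an OpenSSH public key" >&2; return 4 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')

    # sshd's StrictModes check rejects key files that others can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth_file" && chmod 600 "$auth_file" || return 5

    # Match on the base64 blob so a changed comment does not add a duplicate.
    if grep -qF -- "$blob" "$auth_file"; then
        return 0
    fi

    # If the last line has no trailing newline, add one so keys do not merge.
    [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ] && echo >> "$auth_file"

    # Append (>>), never overwrite (>), so existing keys keep working.
    printf '%s\n' "$key" >> "$auth_file"
}
```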
First login
That’s all you have to do to switch to key based SSH authentication. Try to log in as usual by typing:
ssh yourserver.com
This will prompt you for your key’s password and log you in to your server afterwards. “But wait! I’m still having to type my password every time I want to log in!” you shout, and you’re right, up to now. What you need to do is run ssh-agent, add your key and type your password. You will be asked for the password once, and ssh-agent will then keep the unlocked key in memory until you shut it down. You’ll have to do this every time you open up a new shell, or put the commands into, e.g., your ~/.bash_profile. Quite comfortable, but we can do better.
Keychain
There is a nice little tool called keychain that will smooth the process a little for you. It was originally developed by the Gentoo people, but it’s available on other Linux distributions (as well as Mac OS X), too. Simply install it by typing your system’s equivalent of
# Gentoo
emerge keychain
# Debian
aptitude install keychain
and it’ll be available in no time. To set it up you need to put these two lines in your ~/.bash_profile:
keychain ~/.ssh/id_rsa
source ~/.keychain/$HOSTNAME-sh
That’s it. The first time you open up a shell, keychain will start ssh-agent, prompt you for your key’s password and remember the running ssh-agent for all new shells. On your next SSH authentication no more password typing is required. Wasn’t complicated at all, was it?
Update: Thanks to Michael for pointing out that the public key file is named id_rsa.pub instead of id_rsa. Fixed it.