Typing SSH passwords again and again can be a real pain. For example:
lately I started to use Capistrano to deploy my Rails applications. If I
want to set up the maintenance page on the server I’ll type
cap deploy:web:disable, which of course prompts me for the SSH password.
Then I want to deploy my application with cap deploy and again will be
prompted for the password. Finally I have to run cap deploy:web:enable to
remove the maintenance page, which, as mindful readers might have guessed
already, prompts for the password. This was just one reason for me to
set up SSH authentication keys. At first I was a little worried that
setting it up might be a bit complicated. Luckily I was disabused. If
you want to switch to key-based authentication too, follow these simple
The first thing you need is, of course, a pair of keys: your private
key and the associated public key. To generate both, fire up your favorite
shell (for me it’s bash) and type:
This will generate both keys and ask you where to store them. Usually the
default would be something like ~/.ssh/id_rsa; accept the default by
pressing return. Next you’ll have to enter a password for your key and
confirm it. Afterwards you have to tell the server to accept your key on
authentication. Do so by uploading the public key to the server.
scp ~/.ssh/id_rsa.pub yourserver.com:~/.ssh/authorized_keys
If you want to add multiple keys, be sure to append each one to the
authorized_keys file and don’t overwrite it.
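The advice above to append a key rather than overwrite the file, as an added example that is not part of the original post: a helper to run on the server that appends one public key to the file sshd reads by default (~/.ssh/authorized_keys), skips duplicates and sets the permissions sshd expects. The name install_pubkey and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not from the post.
# Usage on the server: install_pubkey uploaded_key.pub ~/.ssh/authorized_keys

install_pubkey() {
    pubkey_file=$1
    auth_file=$2
    ssh_dir=$(dirname "$auth_file")

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Catch the classic mix-up of id_rsa (private) with id_rsa.pub (public).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file is a private key" >&2; return 1
    fi
    # Expect exactly one line of the form "<type> <base64> [comment]".
    if [ "$(grep -c '' "$pubkey_file")" -ne 1 ]; then
        echo "expected exactly one key line" >&2; return 1
    fi
    key=$(cat "$pubkey_file")
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # sshd's StrictModes check wants these not writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # If the last existing entry lacks a newline, add one so lines don't merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    # Append only when this exact line is absent, so re-runs are harmless.
    if grep -qxF -- "$key" "$auth_file"; then
        echo "key already present"
    else
        printf '%s\n' "$key" >> "$auth_file"
        echo "key added"
    fi
}

# Demo in a scratch directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED demo@example' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh/authorized_keys"   # key added
install_pubkey "$demo/id.pub" "$demo/.ssh/authorized_keys"   # key already present
rm -rf "$demo"
```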
That’s all you have to do to switch to key based SSH authentication. Try to log in as usual by typing:
This will prompt you for your key’s password and log you in to your
server afterwards. “But wait! I’m still having to type my password every
time I want to log in!” you shout, and you’re right - up to now. What
you need to do is run ssh-agent, add your key and type your password.
ssh-agent will then ask for the password and store it until you shut it
down. You’ll have to do this every time you open up a new shell, or put
the commands into e.g. your ~/.bash_profile. Quite comfortable, but we
can do better.
There is a nice little tool called keychain that will smooth the process
a little for you. It was originally developed by the Gentoo people but
it’s available on other Linux distributions (as well as Mac OS X), too.
Simply install it by typing your system’s equivalent to

# Gentoo
emerge keychain
# Debian
aptitude install keychain

and it’ll be available in no time. To set it up you need to put these
two lines in your

keychain ~/.ssh/id_rsa
source ~/.keychain/$HOSTNAME-sh
That’s it. The first time you open up a shell, keychain will start
ssh-agent, prompt you for your key’s password and remember the running
ssh-agent for all new shells. On your next SSH authentication no more
password typing is required. Wasn’t complicated at all, was it?
Update: Thanks to Michael for
pointing out that the public key file is named
id_rsa. Fixed it.