My favorite passwordless ssh tutorial went offline, so here is my rehash of it.
Your server names will, of course, vary. Localhost is the machine you are currently on and, in my case, northisup.com is the server I’m SSHing into.
localhost$ ssh-keygen -t dsa
localhost$ cat ~/.ssh/id_dsa.pub | \
    ssh northisup.com 'cat >> ~/.ssh/authorized_keys; \
    chmod 644 ~/.ssh/authorized_keys; \
    cat ~/.ssh/authorized_keys'
localhost$ ssh username@northisup.com
If you are prompted for a password, it should be the key password you entered in the first step.
This part:
chmod 644 ~/.ssh/authorized_keys
is the most common cause of problems: ssh requires that authorized_keys not be group writable. Permissions are also important for the home directory on the server.
Now at this point you may be done, but if it is still asking for your key password (you will know because the password dialog is different from the standard ssh dialog) then you will have to set up an ssh-agent. I haven’t had to set up an ssh-agent in years; this is because many modern OSs like OS X and recent versions of Ubuntu have keychains that have properties indistinguishable from magic.
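The permission rule above can be checked on the server with a short script. This is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes sshd's default StrictModes setting, under which a group- or world-writable home directory, ~/.ssh or authorized_keys stops the key from being used.

```shell
#!/bin/sh
# Added example (function names are hypothetical). With StrictModes enabled,
# the sshd default, authorized_keys is ignored when any of these paths is
# group- or world-writable. sshd also checks ownership; this sketch does not.

# Succeeds (status 0) when the path has the group-write or other-write bit.
is_loosely_writable() {
    # ls -ldL prints a mode string like drwxr-xr-x (following symlinks):
    # character 6 is group-write, character 9 is other-write.
    case "$(ls -ldL "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints each problem path; exit status is the number of problems (0 = clean).
check_ssh_perms() {
    home=${1:-$HOME}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=$((bad + 1))
        elif is_loosely_writable "$p"; then
            echo "group/world-writable: $p"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Removes only the group/other write bits, then re-checks.
fix_ssh_perms() {
    home=${1:-$HOME}
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ -e "$p" ]; then chmod go-w "$p"; fi
    done
    check_ssh_perms "$home"
}

# Constructed demo: a throwaway "home" with a group-writable authorized_keys.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"; chmod 700 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" || echo "authorized_keys would be ignored"
fix_ssh_perms "$demo" && echo "clean after chmod go-w"
rm -rf "$demo"
```

On a real server, call check_ssh_perms with the account's home directory as the argument, or with no argument to check $HOME.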
localhost$ ssh-agent bash
localhost$ ssh-add ~/.ssh/id_dsa
localhost$ ssh username@northisup.com
This is effective only for your current shell. So if you open up a second instance of xterm you’ll have to do it again. Furthermore, it doesn’t allow cron or other scripts, which frequently run in their own shell instances, to use passwordless ssh. To solve this we want to add the agent initialization to our .bashrc file.
Edit ~/.bashrc and add the following at the end:
ssh_agent="$HOME/.ssh-agent.sh"
if [ -f "$ssh_agent" ] ; then
    source "$ssh_agent" > /dev/null
fi
Note that I redirect the output to /dev/null to stop the agent pid being echoed, which can break the pipe of some commands (sftp, for instance).
localhost$ ssh-agent > ~/.ssh-agent.sh
Either exit the shell and start a new one or
localhost$ source ~/.ssh-agent.sh
localhost$ ssh-add ~/.ssh/id_dsa
localhost$ ssh username@northisup.com
This time there should be no password!
While ssh-agent is running, all your processes (including your cron jobs) shouldn’t need a password. However, if ssh-agent dies or is killed, things might go wrong since the old settings are left over.
x
July 13th, 2009 at 10:19 am
ssh-copy-id(1)
x
July 13th, 2009 at 10:24 am
eval $(ssh-agent)