
Using ssh Without Passwords

Notation
Variable Description
machine_local    Name of the machine where you will initiate ssh commands from.
password_local    Your ssh password on machine_local.
comment    A very short comment used to identify the ssh key pair used on machine_local.
type    The type of key pair that machine_local will use. This should be either rsa or dsa.
pid    The process id corresponding to the ssh-agent running on machine_local.
machine_remote    Name of the remote machine where ssh commands will be executed.
user_remote    Your user name on machine_remote.
password_remote    Your login password on machine_remote.

Step 1: Create Key Pair
On machine_local execute the commands
     cd
     ssh-keygen -t type -C comment
In response to the prompt
     Enter file in which to save the key (... .ssh/id_type):
hit return (to choose .ssh/id_type for your private key file). In response to the prompt
 
     Enter passphrase (empty for no passphrase):
enter password_local. In response to the prompt
 
     Enter same passphrase again:
enter password_local.

Step 2: Setup ssh-agent
The following bash script is a modification of a post on a cygwin mailing list:
 
#
# file where start_ssh_agent stores environment variable values
SSH_ENV="${HOME}/.ssh/environment"
#
# start a new ssh-agent
function start_ssh_agent {
     # save the agent's variable settings, commenting out its echo line
     ssh-agent | sed -e 's/^echo /# &/' > "${SSH_ENV}"
     chmod 600 "${SSH_ENV}"
     . "${SSH_ENV}" > /dev/null
     echo "New ssh-agent pid = ${SSH_AGENT_PID}."
}
# check if environment variable is set
if [ -z "${SSH_AGENT_PID}" ]
then
     # check if file with environment variables exists
     if [ -f "${SSH_ENV}" ]
     then
          . "${SSH_ENV}" > /dev/null
     else
          start_ssh_agent
     fi
fi
# make sure environment variable matches process id
# (an empty value also means there is no usable agent)
if [ -z "${SSH_AGENT_PID}" ] || ! ps -ef | grep -w "${SSH_AGENT_PID}" | grep 'ssh-agent' > /dev/null
then
     start_ssh_agent
fi
#
# get the fingerprint for the private key in .ssh
# (full path, so this works when the shell does not start in $HOME)
id=""
if [ -e "${HOME}/.ssh/id_dsa" ]
then
     id=`ssh-keygen -lf "${HOME}/.ssh/id_dsa" | sed -e 's/[^ ]* \([^ ]*\).*/\1/'`
fi
if [ -e "${HOME}/.ssh/id_rsa" ]
then
     id=`ssh-keygen -lf "${HOME}/.ssh/id_rsa" | sed -e 's/[^ ]* \([^ ]*\).*/\1/'`
fi
#
# make sure identity has been added to ssh-agent
if ! ssh-add -l | grep -F "$id" > /dev/null
then
     echo "Run ssh-add to add your identity to ssh-agent."
fi
This script makes sure that the ssh-agent daemon is running. It also prompts you to run ssh-add if you have not already done so. Add this script to the shell initialization file $HOME/.bashrc so that it is run whenever you start a new shell.

You can check if this script is being run by first running
 
     ssh-add -D
to remove all the identities from ssh-agent. Then when you start a new shell, you should see the message
     Run ssh-add to add your identity to ssh-agent.
If this script is not run automatically when a shell starts up, you can run it with the command
 
     source $HOME/.bashrc

Step 3: Store Password in ssh-agent
If the script above prints the text
     Run ssh-add to add your identity to ssh-agent.
you should run ssh-add to store a copy of your ssh password in the current ssh-agent. This is done by executing the command
 
     ssh-add
In response to the prompt
     Enter passphrase for ... .ssh/id_type:
enter password_local.

Step 4: Copy Public Key
On machine_local execute the command
     scp .ssh/id_type.pub user_remote@machine_remote:
In response to the prompt
     user_remote@machine_remote's password:
enter password_remote.

Step 5: Authorization
On machine_local execute the command
     ssh user_remote@machine_remote
In response to the prompt
     user_remote@machine_remote's password:
enter password_remote. After the login response, enter the commands
     cat id_type.pub >> .ssh/authorized_keys
     exit
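
The append in Step 5 assumes that .ssh already exists on machine_remote, and running it twice adds the key twice. The following bash function is an added example, not part of the original page, showing the same append done so that it creates .ssh with owner-only permissions, rejects a file that is not a public key, and skips a key that is already authorized. The name install_pubkey, its arguments and its return codes are hypothetical, and it accepts more key types than the rsa and dsa used on this page.

```bash
#!/bin/bash
# Added example, not from the original page. install_pubkey and its
# arguments are hypothetical names chosen for this illustration.
# usage: install_pubkey PUBKEY_FILE [SSH_DIR]
# returns 0 = key appended, 1 = key already present, 2 = input rejected
install_pubkey() {
    local pub="$1"
    local dir="${2:-${HOME}/.ssh}"
    local auth="${dir}/authorized_keys"
    local pattern='^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$'
    local key keyid

    [ -f "${pub}" ] || return 2
    # exactly one line that looks like a public key; this rejects a private
    # key file (id_type instead of id_type.pub) passed by mistake
    [ "$(grep -c '' "${pub}")" -eq 1 ] || return 2
    key=$(cat "${pub}")
    printf '%s\n' "${key}" | grep -Eq "${pattern}" || return 2

    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or file is writable by anyone other than the owner
    mkdir -p "${dir}" && chmod 700 "${dir}" || return 2
    touch "${auth}" && chmod 600 "${auth}" || return 2

    # match on "type blob" only, so a different comment or an options
    # prefix on an existing line still counts as the same key
    keyid=$(printf '%s\n' "${key}" | cut -d' ' -f1,2)
    if grep -Fq -- "${keyid}" "${auth}"
    then
        return 1
    fi
    printf '%s\n' "${key}" >> "${auth}"
}

# constructed demo: a made-up (not real) key installed twice into a scratch dir
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample comment' > "${demo}/id_rsa.pub"
for run in first second
do
    rc=0
    install_pubkey "${demo}/id_rsa.pub" "${demo}/.ssh" || rc=$?
    echo "${run} run: status ${rc}"
done
rm -rf "${demo}"
```

On machine_remote, with the function defined in the login shell, the cat command in Step 5 would become install_pubkey id_type.pub.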

Step 6: Test Authorization
On machine_local re-execute the command
     scp .ssh/id_type.pub user_remote@machine_remote:
This time you should not need a password to complete this command. If scp responds
     Enter passphrase for key '... .ssh/id_type':
run the script in Step 2 by executing the command
 
     source $HOME/.bash_profile
then run ssh-add, as described in Step 3, and then try the scp command again.
Input File: ssh_key.omh