[olug] basic SSH help

William E. Kempf wekempf at cox.net
Wed Mar 19 16:50:06 UTC 2003


>> I just downloaded and compiled openssh 3.5p1 on my Linux laptop and
>> one of my AIX boxes.  I have generated the public/private keys put the
>> public keys in the authorized_keys file on each box and I can ssh to
>> each just fine, but I get prompted for the passphrase.  How do I get
>> it so I'm not prompted for the passphrase?
>
> You have to run ssh-agent to "broadcast" the keys.  It's kind of a pain
> -- I use keychain (which I run in my .bashrc), which does a good job of
> managing it:
>
> http://www.gentoo.org/proj/en/keychain.xml

Keychain doesn't always start fast enough for me (especially on Cygwin),
so I don't place it in .bashrc.  Also, I find the syntax a little
cumbersome in some cases.  So, I've created the following Bash script
(name it Keychain-add.sh and source it, i.e. you can't just run it, you
must use "source Keychain-add.sh" or ". Keychain-add.sh" which will define
a function keychain-add that you can then use like any other command from
then on... I do the sourcing in .bashrc):

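function keychain-add()
{
        # Print the help text.
        function usage()
        {
                cat <<EOF
Adds keys to the keychain/ssh-agent.

usage: keychain-add [options] [<key> ...]

options:
   --help, -h  Display this help message.
   --all, -a   Add all keys found in $HOME/.ssh.
   --quiet, -q Suppress all output.
EOF
        }

        # Print the private-key path for every *.pub file under ~/.ssh.
        function get-all-keys()
        {
                typeset k
                # Quote the pattern so the shell can't expand it before find runs.
                for k in $(find ~/.ssh -name '*.pub')
                do
                  echo "${k%.pub}"
                done
        }

        typeset opts quiet agent
        typeset -a keys
        opts=$(getopt -o haq -l help,all,quiet -- "$@")
        # Bail out if getopt rejected the command line
        # (the old "return $?" returned the status of the test, i.e. 0).
        [ $? != 0 ] && return 1
        eval set -- "$opts"
        while [ $# -gt 0 ]
        do
          case "$1" in
                  --help | -h) usage; return;;
                  --quiet | -q) quiet="--quiet";;
                  --all | -a) keys=($(get-all-keys));;
                  --) shift; break;;
                  *) echo "unknown option: $1"; usage; return;;
          esac
          shift
        done
        # No --all given: use the keys named on the command line.
        [ ${#keys[@]} -eq 0 ] && keys=("$@")
        [ ${#keys[@]} -eq 0 ] && return 1
        # Pass each key to keychain as its own argument.
        keychain $quiet "${keys[@]}"
        # Load the agent environment that keychain wrote for this host.
        agent=~/.ssh-agent-$(uname -n)
        [ ! -e "$agent" ] && agent=~/.keychain/$(uname -n)-sh
        . "$agent"
}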

Now whenever I want to use ssh, once per session, I simply do:

$ keychain-add -a

or for a specific key:

$ keychain-add ~/.ssh/id_dsa

-- 
William E. Kempf



