I got tired of typing my password after
ssh‘ing to remote servers. After some googling, I found the solution, the
ssh-keygen command and
ssh-keygen generates an rsa private/public key pair. Once you generate the keys, you'll need to keep the private key on your computer and copy the public key to the server.
ssh-copy-id command is used to copy the rsa public key onto the remote server. This command will also create the necessary file and change the necessary permissions to make this all work.
I followed a tutorial from Ramesh Natarajan (http://goo.gl/fX68N). I got stuck on trying to copy the public key to the remote server. I'm on a Mac and apparently the ssh-copy-id command is not built in. I found the Mac install (located at GitHub, MacPorts or Homebrew) and completed Ramesh's tutorial. I was able to quickly connect to the remote server without typing in the password… How sweet is that?
All was good until I started to frequently connect to different servers. Ramesh's tutorial covers a single rsa key pair. For security, it's best to have a unique rsa key pair for each unique connection. After some searching, I found this can be accomplished by modifying the ssh-keygen command and using the config file located within the hidden .ssh folder.
I first began by creating another unique rsa key pair:
ssh-keygen -f ~/.ssh/id_rsa_userA -C "userA @ server1"
- The -f flag specifies the filename of the key file. In the example, it is "id_rsa_userA". The private key will be "id_rsa_userA" and the public key will be "id_rsa_userA.pub". As you can see from the absolute path, the files will be located in the home directory, within the hidden .ssh folder.
- The -C flag is for commenting. The string that follows will be appended to the end of the rsa public key. This helps when you copy the public key to the remote server — you'll know it was copied because of the comment you provided.
The following is what you will typically see after you execute the previous line of code.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): [enter something complex]
Enter same passphrase again: [confirm by entering it again]
Your public key has been saved in /Users/username/.ssh/id_rsa_userA.pub.
The key fingerprint is:
81:d4:12:cd:57:aa:42:47:12:de:4c:23:6a:34:62:78 userA @ somedomain.com
The key's random art image is:
+--[ RSA 2050]----+
| ..+0. |
| .. . |
| *.* |
| +.o o |
| .. + |
| S. .. |
| .. |
| o + . . . |
| . +o.oE+|
+-----------------+
- After generating the rsa key pair, you have the option of entering a passphrase. You should do this! Check out this GitHub article on that (http://goo.gl/rR1ebp).
- The location of the public key is given.
- The fingerprint and random art image are also generated.
Repeat the ssh-keygen command for the other connections. Be sure to keep the filename of the key file unique and the comment unique, as well as relevant to the connection.
Use ssh-copy-id to copy the public rsa key to the remote server. (Install via GitHub, MacPorts or Homebrew).
ssh-copy-id -i ~/.ssh/id_rsa_userA.pub userA@somedomain.com
- The -i flag allows you to specify the public key to upload.
- The last argument (userA@somedomain.com) is the remote host connection info.
- ssh-copy-id will create the authorized_keys file if it doesn't exist and append the public key (specified after the -i flag: "~/.ssh/id_rsa_userA.pub"). It'll also update various file and folder permissions.
- You will be required to type in the account password to access the remote server (note: this is not the "passphrase" you created at the beginning of the tutorial).
Test the connection again by ssh command:
Mac OS X will then ask you to enter the "passphrase" you should have created when you used the ssh-keygen command. It is important to check the "Remember password in my keychain" box. By doing this, you avoid typing in the "passphrase" every time you log in to this specific server.
This step is not necessary, but once connected to the remote server, you can examine the authorized_keys file.
- Within this file, you should be able to see the long key, followed by the comment included when the ssh-keygen command was executed.
You should log out and try another ssh connection to the same server. This time, the "passphrase" is saved by Keychain Access, so you shouldn't have to type it again. If all is well, you should be instantly connected to the remote server.
Repeat the public key transfer of all the remaining server connections.
The next step is to store all the connection info in a config file contained within the .ssh folder. This will speed up connection to the remote servers by assigning shortcut names to each unique connection.
touch ~/.ssh/config
vim ~/.ssh/config
- The file doesn't exist, so I'm using the touch command to create the file.
- I'm using Vim to input the connection info.
For demonstration purposes, the following contains basic connection info for two different accounts. There is a lot that you can put into the config file, but I limited it to basic connection info.
Host userA
    HostName somedomain.com
    User userA
    IdentityFile ~/.ssh/id_rsa_userA

Host userB
    HostName anotherdomain.com
    User userB
    IdentityFile ~/.ssh/id_rsa_userB
- Host userA and Host userB are used for pattern matching; each applies the declarations that follow it (note the indentation of the lines that follow it).
- The names after Host (userA and userB) are the names I chose for the unique connections. The name is also what you type when you connect to the server. It's the shortcut name, so keep this name unique.
- HostName anotherdomain.com states the domain of the remote server.
- User userB states the user account on the corresponding remote server.
- IdentityFile ~/.ssh/id_rsa_userB states the specific private rsa key.
- More info about what can go inside the config file can be found here http://goo.gl/FEF1a5 or by checking out the manual pages in terminal.
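As an added example (not part of the original post), the shell function below audits a config file like the one above. For each Host block it checks that the IdentityFile exists and is accessible only by its owner, and flags blocks without IdentitiesOnly yes, because without that option ssh may also offer other keys held by the agent, which weakens a one-key-per-connection setup. The function name audit_ssh_config and its status strings are assumptions of this example.

```shell
# Added example: audit an OpenSSH client config like the one shown above.
# Prints one "<host> <status>" line per Host block.
# Usage: audit_ssh_config ~/.ssh/config
audit_ssh_config() {
    # awk emits one "host|identityfile|identitiesonly" record per Host block
    awk '
        function emit() { if (host != "") print host "|" key "|" only }
        tolower($1) == "host"           { emit(); host = $2; key = ""; only = "no"; next }
        tolower($1) == "identityfile"   { key = $2 }
        tolower($1) == "identitiesonly" { only = tolower($2) }
        END { emit() }
    ' "$1" | while IFS='|' read -r host key only; do
        # Expand a leading "~/" the way ssh does (strip the two characters)
        case "$key" in
            "~/"*) path="$HOME/${key#??}" ;;
            *)     path="$key" ;;
        esac
        status="ok"
        if [ -z "$key" ]; then
            status="no-identityfile"
        elif [ ! -f "$path" ]; then
            status="missing-key"
        else
            # GNU stat first, BSD/macOS stat as fallback
            mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
            case "$mode" in
                600|400) ;;                       # owner-only: what ssh expects
                *) status="key-mode-$mode" ;;     # ssh refuses keys others can read
            esac
        fi
        # Only report the missing option when nothing more serious was found
        if [ "$status" = "ok" ] && [ "$only" != "yes" ]; then
            status="no-identitiesonly"
        fi
        printf '%s %s\n' "$host" "$status"
    done
}
```

Adding `IdentitiesOnly yes` under each Host block clears the no-identitiesonly status.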
That's pretty much it. You can then quickly connect to the remote server, without inputting any password, by typing in the connection type (sftp, etc) followed by the shortcut name as listed in the config file — the one after "Host". Here are some connection examples: