Feb 7

Top Solution of the day:

SSH keys are very useful for people who work with multiple servers every day.

How keys work:

Simply, you generate yourself a key:

ssh-keygen -t dsa -C "Comment-goes-here"

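ssh-keygen is an application that generates and manages authentication keys.

The full manual is available with man ssh-keygen.

The -t option sets the type of the key and -C sets the comment, which in most cases is your name. This way people will know whom the key belongs to. Note that DSA keys have been disabled by default since OpenSSH 7.0; on a current system use -t ed25519 or -t rsa instead, and the id_dsa file names below become id_ed25519 or id_rsa.

Afterwards, you will be asked where to save the key file.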

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):

The default location is the id_dsa file in the .ssh folder under the home folder of the account. Next you are asked for a passphrase for the key:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

You will see the key generated and the information:

Your identification has been saved in /home/user/test.
Your public key has been saved in /home/user/test.pub.
The key fingerprint is:
47:66:a5:86:56:6c:93:9f:d4:d4:9d:60:0a:1b:7e:9a test

You now have a key pair (public and private keys). The private key file has no extension and the public key file has the .pub extension. You keep the private key yourself; the public key has to be added to the /root/.ssh/authorized_keys file on the servers you are connecting to. It is advised that you append the key with the following command rather than with a text editor:

cat id_dsa.pub >> .ssh/authorized_keys

Note: you need to upload the file to the server first, or e-mail it to the administrator.
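
The import step above, as an added example that is not part of the original post: a shell helper that appends a public key to authorized_keys only after checking that the file really holds a single public key, creates the paths with owner-only permissions, and skips a key that is already present. The name install_pubkey and its optional second argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage on the server: install_pubkey id_dsa.pub   (target defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub half belongs on a server; refuse a private key outright.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key file holds exactly one line: "<type> <base64> [comment]".
    n=$(grep -c '[^[:space:]]' "$pub" || true)
    key=$(grep '[^[:space:]]' "$pub" || true)
    case "$n:$key" in
        1:ssh-*' '?* | 1:ecdsa-*' '?* | 1:sk-*' '?*) ;;
        *) echo "$pub is not a single OpenSSH public key" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default) the file is refused if it or
    # ~/.ssh is writable by group or others, so create both owner-only.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 4
    chmod 700 "$dir" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already present, so that
    # repeated runs do not pile up duplicates.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```
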

The next part is for advanced users and requires basic knowledge of ssh-agent and ssh-add.

Automating SSH keys and identity addition:

Provided that you already have the key installed, you need to make your terminal work with it. Here the common tutorials advise that you add it every time you open a new terminal. This is really annoying when you have to open over 10 terminals per hour.

Solution:

Make sure you have expect installed. If not, you can install it with your package manager, for example apt-get on Ubuntu:

apt-get install expect
apt-get install expect-tcl8.3

Add the following lines to your .bashrc or .profile (depending on the distribution you use):

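# Keep the agent socket and helper files in ~/.ssh (owner-only)
# rather than under predictable names in world-writable /tmp
export SSH_AUTH_SOCK="$HOME/.ssh/ssh-socket"
ssh-add -l >/dev/null 2>&1
# Exit status 2 means no agent is answering on the socket
if [ $? = 2 ]; then
    # Remove a stale socket left by a dead agent, then start a new one
    rm -f "$SSH_AUTH_SOCK"
    ssh-agent -a "$SSH_AUTH_SOCK" >"$HOME/.ssh/ssh-script"
    . "$HOME/.ssh/ssh-script" >/dev/null
    echo "$SSH_AGENT_PID" >"$HOME/.ssh/ssh-agent-pid"
fi
expect /home/user/.ssh/addem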

Afterwards, create the file /home/user/.ssh/addem and write in it:

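#!/usr/bin/expect
# Do not echo the ssh-add dialogue to the terminal
log_user 0
spawn ssh-add /home/user/.ssh/id_dsa [lindex $argv 0]
# The prompt text must match the key path passed to ssh-add above
expect "Enter passphrase for /home/user/.ssh/id_dsa: "
send "password\r"
expect eof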

Explanation:

Every time you start a new terminal / konsole, you no longer have to start ssh-agent and run ssh-add with your identity key by hand.

The .bashrc lines start ssh-agent for you if it is not already running. Afterwards, the expect script is called to add the identity and provide the password for it. Everything is muted and you will get no spam in the terminal. Because the addem file contains the password in clear text, make it readable only by your own account (chmod 600 /home/user/.ssh/addem).

Variables of the scripts:

  • replace ‘user’ with your username everywhere in the scripts.
  • change the path to the identity file in the /home/user/.ssh/addem file.
  • change the password in the /home/user/.ssh/addem file.
