SSH Keys - A Huge Timesaver

Remote access to servers is great, but I found myself spending more time entering passwords than working, especially with a perceived increase in the number of stalled file transfers.

I set up SSH keys on my computer to allow for passwordless navigation, and couldn’t be happier. This is an account of how I set it up on my MacBook Pro.

The initial steps must be run in the terminal application, and consist of generating a unique “lock” (the public key) and “key” (the private key).

$ ssh-keygen

This prompts you for a location to save the file and for a passphrase. The passphrase will be asked of you each time you log on and protects the private key file if someone else gets hold of it, so pick a strong one (I know, I said passwordless; just play along, this will be remedied below). Now, if you navigate to the folder where the keys were generated, you should find a public key file.

$ cd .ssh
$ ls
id_rsa id_rsa.pub known_hosts

The contents of id_rsa.pub need to be put onto the server you wish to log on to (only the .pub file; id_rsa itself never leaves your computer), so copy the contents by opening the file and copying all the text to the clipboard:

$ vi id_rsa.pub

Now log on to the server and place the “lock” in the correct place.

$ ssh $USER@$SERVER
$ cd .ssh
$ pico authorized_keys2

Now paste the contents of id_rsa.pub into this file and, this is key, make sure it appears on one line. I have found that it consistently breaks it up into about three lines, so make sure to edit appropriately. At this point, if you log out of the $SERVER and try to log back in, you should be prompted for your passphrase, rather than your password, and then you should be allowed on.
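
A check for the line-wrap problem described above, as an added example that is not part of the original post: check_key_lines lists the lines of a key file that are not complete one-line entries, and check_key_perms goes slightly beyond the post by testing the file permissions that sshd's StrictModes setting enforces. The function names and the sample key data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks an authorized_keys-style
# file for the wrapped-line problem and for permissions sshd will reject.

KEY_TYPES='ssh-rsa ssh-dss ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521'

# Print the numbers of lines that are not a complete
# "type base64-blob [comment]" entry; exit status 1 if any are found.
# Assumption: entries have no leading options such as from="..." .
check_key_lines() {
    awk -v types="$KEY_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        /^[ \t]*$/ || /^[ \t]*#/ { next }   # skip blank lines and comments
        # A wrapped key leaves tail lines with no key type in front and
        # usually a head line whose blob length is no longer a multiple of 4.
        !($1 in ok) || $2 !~ "^[A-Za-z0-9+/]+=*$" || length($2) % 4 != 0 {
            print NR; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# With StrictModes (the sshd default) a key file writable by group or
# others is ignored; succeed only if the file exists with neither bit set.
check_key_perms() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ]
}

# Constructed sample data: the blob is base64-shaped filler, not a real key.
BLOB='AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7EXAMPLEEXAMPLEEXAMPLEEXAMPLE'
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
printf 'ssh-rsa %s user@laptop\n' "$BLOB" > "$DEMO_DIR/good"
# The same key as it looks after a paste that wrapped it onto three lines.
printf 'ssh-rsa %s\n%s\nuser@laptop\n' \
    'AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7EXAMPLEEX' 'AMPLEEXAMPLEEXAMPLE' > "$DEMO_DIR/wrapped"
chmod 600 "$DEMO_DIR/good" "$DEMO_DIR/wrapped"

for f in good wrapped; do
    if bad=$(check_key_lines "$DEMO_DIR/$f"); then
        echo "$f: every entry is on one line"
    else
        echo "$f: malformed lines:" $bad
    fi
done
```

On the server, point both functions at the key file you edited; any line number reported is a fragment that needs to be joined back onto the entry above it.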

...but I said passwordless. To get around entering a passphrase, which is really just a password, each time I log in, I employed a “keychain” (here’s a link to the program I use: SSHKeychain). While open, this program will essentially enter your passphrase when prompted. The trick is that the “keychain” gets locked, so basically you control how tightly your keys are kept. Personally, I leave my keychain open all of the time, and simply control access to my machine (I’ve set up a lockout feature that is triggered both by a “hot corner” on my machine, and is also timed so that if my machine is idle more than a few minutes it is locked down). Install and configure your “keychain” and you should be able to log in without the annoyance of typing in a password.