How to use SSH with RSA keys:
(Hisham Mardam Bey || CodeWarrior || hisham@hisham.cc)
=============================

So you ssh to several machines every day, and you always get those annoying password prompts. You hate them, don't you? Well, I do too. And frankly I'd rather live without them. Thanks to RSA keys and ssh-agent we can live without having to memorize and enter a million passwords every time a simple ssh session is required.

So, the main idea here is that you have a private and a public key. Those keys will identify you and your machine on the remote machines. Your private key is very important, and must be kept at the highest security level possible. The public key is "given" to the remote machine so you can simply handshake with it and log in without supplying a password. This public key can be used on all the machines which you need to log into at one point or another.

This whole process starts by generating a pair of public and private keys. This is accomplished by the following:

    [hisham@guardian hisham]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/hisham/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/hisham/.ssh/id_rsa.
    Your public key has been saved in /home/hisham/.ssh/id_rsa.pub.
    The key fingerprint is:
    40:75:20:91:40:48:e2:91:2d:7d:ab:6d:ea:94:95:b0 hisham@guardian
    [hisham@guardian hisham]$

Having done that, we have just generated a pair of public and private keys. I can't stress this enough: guard them well. They represent you and your machine.

Right, now it's time to get those keys into gear. The first thing we need to do is copy the public key over to the correct location on the remote server. That allows us to automatically get identified to the opposite machine we want to ssh or scp to.

We'll copy it over using scp like this:

    [hisham@guardian hisham]$ scp ~/.ssh/id_rsa.pub hisham@hisham.cc:~/
    id_rsa.pub 100% |************************| 225 00:00
    [hisham@guardian hisham]$

Now that we have our public RSA key on the server, we should add it to the list of authorized keys, so we can use it. First ssh to the remote server, then:

    [hisham@guardian hisham]$ cat id_rsa.pub >> ~/.ssh/authorized_keys

This will append the key to that file, allowing us to use it properly.

At this point, we are basically done. All we need to do now is run ssh-agent and ssh-add to log in remotely without being asked for a password. Basically, ssh-agent acts as a guard that will "automatically give" the passphrase to the key once needed. So, anything that is to use the key without needing the passphrase must be run "under" or "within" ssh-agent. The best bet to do this is:

    [hisham@guardian hisham]$ ssh-agent bash
    [hisham@guardian hisham]$

This basically puts us in a shell which is entirely managed by ssh-agent. Hence, anything run in there will automatically be able to make use of the RSA key. The final step now is to add the passphrase for that key, since we specified one when we created the key.

    [hisham@guardian hisham]$ ssh-add
    Enter passphrase for /home/hisham/.ssh/identity:
    [hisham@guardian hisham]$

Now you should be able to ssh or scp to the remote server directly without typing a password.
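The authorized_keys step above, written as a shell function that also handles the cases a bare `cat >>` does not: a missing ~/.ssh directory, permissions that sshd refuses, a private key passed by mistake, a duplicate entry, and a file without a trailing newline. This is an added example, not part of the original howto; `install_pubkey` and its arguments are hypothetical names, and the accepted key types are limited to the three listed in the code.

```shell
# Added example, not from the original howto. install_pubkey and its
# arguments are hypothetical names. Run it on the remote server.
# usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is a single line: "<type> <base64> [comment]".
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "refusing $pub: not a public key line" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing $pub: bad key data" >&2; return 1 ;;
    esac

    # sshd's StrictModes check (on by default) rejects keys when ~/.ssh or
    # authorized_keys is writable by group or others.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" && touch "$auth" && chmod 600 "$auth"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # Already authorized? Compare type and key data, ignoring the comment
    # and any options prefix on the existing line.
    if awk -v t="$ktype" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"; then
        return 0
    fi

    # cat >> glues the key onto the previous line if the file lacks a
    # trailing newline; add one first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

On the server, after the scp step, this would be called as `install_pubkey ~/id_rsa.pub`; the copied id_rsa.pub can then be deleted from the home directory.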