Published Monday November 20, 2006
First, let's streamline logging in to the Site5 server so we don't have to type the password several times on every deploy. To do this you will have to generate two private/public key pairs:
The Site5 server will have your public key, while you keep your private key secret in your ~/.ssh directory, readable only by you. So, let's go ahead and create this key pair.
[test_user@dreamer config]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test_user/.ssh/id_rsa):
Created directory '/home/test_user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test_user/.ssh/id_rsa.
Your public key has been saved in /home/test_user/.ssh/id_rsa.pub.
The key fingerprint is:
56:b4:aa:2b:38:bd:ca:3a:73:53:5a:e1:ef:d3:2c:46 test_user@dreamer
[test_user@dreamer config]$
Once you have generated the SSH key pair, copy the public key over to the Site5 server.
[test_user@dreamer ~]$ scp ~/.ssh/id_rsa.pub < your_user_name >@< your_domain.com >:~/.ssh/id_rsa_dev.pub
The authenticity of host '(XX.XX.XX.XX)' can't be established.
RSA key fingerprint is ab:c4:d2:11:bb:ce:ed:5c:da:6a:3b:10:23:ad:e4:38.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ,XX.XX.XX.XX' (RSA) to the list of known hosts.
< your_user_name >@< your_domain.com >'s password:
id_rsa.pub 100% 399 0.4KB/s 00:00
[test_user@dreamer ~]$
Now let's ssh to the server and add the public key to the authorized_keys file.
ssh < your_user_name >@< your_domain.com >
cat ~/.ssh/id_rsa_dev.pub >> ~/.ssh/authorized_keys
Go ahead and log out from the server now. Once you have performed the above step, start another shell under ssh-agent, which lets us use the private key for as long as the shell is alive while entering the passphrase only once. This is the part that I don't necessarily like about how ssh-agent is implemented, but we'll live with it for now :) You can replace
[test_user@dreamer ~]$ ssh-agent bash
[test_user@dreamer ~]$ ssh-add
Enter passphrase for /home/test_user/.ssh/id_rsa:
Identity added: /home/test_user/.ssh/id_rsa (/home/test_user/.ssh/id_rsa)
From here on, every remote server that has your public key in its authorized_keys file will let you log in without typing a password. You can also see a list of the loaded keys by executing
Let’s try this password-less login with our Site5 account.
[test_user@dreamer ~]$ ssh < your_user_name >@< your_domain.com >
Last login: Fri Nov 17 01:47:57 2006 from whoever.your.isp.or.domain.tld
-bash-3.00$
How cool! :)
Now let’s generate the key pair on the server. Go through the previous section if you are not sure what each command does.
SSH to the Site5 server
ssh-keygen -t rsa
...
Go through the prompts and write down the pass phrase that you specify.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Good, now that we have taken care of that, we will only have to type in a password once!
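Both `cat ... >> ~/.ssh/authorized_keys` steps above append blindly: running them twice duplicates the entry, and sshd's StrictModes check ignores key files left group- or world-writable. The following is an added example, not code from the original post: a POSIX shell function (the name `install_pubkey` and the sample key line are made up here) that does the same append idempotently, sets the expected permissions, and refuses a private key file.

```shell
# Added example (not from the original post). install_pubkey is a hypothetical name.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Guard against handing over id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # short allow-list of key types
        *) echo "unrecognised key type in $pub" >&2; return 3 ;;
    esac

    # sshd (StrictModes yes) wants these owned by the user and not writable by others.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a throwaway directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAconstructedSampleKeyData test_user@dreamer' > "$demo/id_rsa_dev.pub"
install_pubkey "$demo/id_rsa_dev.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa_dev.pub" "$demo/.ssh"   # second run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys")"   # entries: 1
rm -rf "$demo"
```

On the server this would be run as `install_pubkey ~/.ssh/id_rsa_dev.pub` in place of the bare `cat >>`.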