12th Jul 2006
How-To: Use SSH Keys and SSHKeychain for Passwordless Logins
There are a few tutorials floating around on the internet on how to use ssh keys to log in to your servers without having to type your password each time. It’s a very useful thing to do but sadly none of these tutorials are Mac OS X specific. Therefore, I thought I’d help out my Mac OS X native friends (Hi James!) and provide one that leverages the value of SSH keys using SSHKeychain.
The whole process is pretty simple: You create your SSH keys using ssh-keygen on your home computer, then upload your public key to the servers you wish to use passwordlessly, set up SSHKeychain, and you are golden. Let’s get to it.
To create your SSH keys use the following command and follow the on-screen instructions, although you can leave the file name blank, since the defaults are fine:
ssh-keygen -t dsa
I can’t recommend using a blank password, because hey, it just seems dodgy. After you do that, two new files will have been created in ~/.ssh/: id_dsa and id_dsa.pub. As you probably guessed, id_dsa.pub is your public key. Upload it using scp to the servers you want to access, and place it in ~/.ssh/authorized_keys2:
scp ~/.ssh/id_dsa.pub yourserver.com:.ssh/authorized_keys2
Since this is probably your first time setting up ssh keys, that file most likely won’t already exist, although it would probably be worthwhile to check if it does, and simply append your id_dsa.pub file to it if necessary.
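The check-then-append step just described, as an added example that is not part of the original post: a shell function (the name add_pubkey is hypothetical) meant to be run on the server against a copy of id_dsa.pub uploaded under its own name instead of over authorized_keys2. It also sets owner-only permissions, which sshd's StrictModes check expects; the keys in the demo are constructed placeholders.

```shell
#!/bin/sh
# add_pubkey PUBKEY_FILE AUTH_FILE
# Append the key in PUBKEY_FILE to AUTH_FILE unless it is already listed.
# Returns 0 = appended, 1 = already present, 2 = unusable input.
add_pubkey() {
    pub=$1 auth=$2
    [ -r "$pub" ] || return 2
    # A public key line is "type base64 [comment]"; compare on type + base64
    # so a changed comment does not create a duplicate entry.
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pub")
    [ -n "$key" ] || return 2

    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    # Create the file with owner-only permissions if it does not exist yet.
    [ -e "$auth" ] || ( umask 077 && : > "$auth" ) || return 2
    chmod 600 "$auth" || return 2

    # Fixed-string match: base64 contains "+" and "/", so no regex.
    if grep -qF -- "$key" "$auth"; then
        return 1
    fi
    # If the last existing line lacks a newline, add one so keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    awk 'NF >= 2 { print; exit }' "$pub" >> "$auth"
}

# Demo on constructed data in a temporary directory (not real keys).
demo_dir=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAEXAMPLE+one/ other@host' > "$demo_dir/authorized_keys2"
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAEXAMPLE+two/ me@laptop\n' > "$demo_dir/id_dsa.pub"
rc=0; add_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/authorized_keys2" || rc=$?
echo "first run: $rc, lines now: $(wc -l < "$demo_dir/authorized_keys2")"
rc=0; add_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/authorized_keys2" || rc=$?
echo "second run: $rc"
rm -rf "$demo_dir"
```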
Special note: My awesome web host, nearlyfreespeech.net, has a different method of handling public SSH keys. I needed to send them my public key in a service request for it to be added to their private database, which was no problem, but different than usual. If you’re having trouble logging in without a password, try asking your server guys what’s up first.
Now usually what we would have to do is start ssh-agent (which handles our key exchanges for us), tell it to add our new keys, and then use the shell it provides us with. Although this could be added to your shell login file, there is a much easier and more convenient way in Mac OS X.
Enter SSHKeychain. This app basically loads ssh-agent for you all the time, so you don’t have to worry about it, as well as other nice little things. And it’s free. Go OSS! Install this app (download, mount, copy, trash the dmg, you know the drill), set up the prefs (I have it appear only in the menubar for dock cleanliness), and go into the environmental tab and turn on “Manage global environment variables”. Log out and log back in, and you should now be able to ssh into your servers without being prompted for a password! Just keep that id_dsa file nice and secure, eh?
Next up, I’m going to cover how to use SSHKeychain to set up and use SSH tunnels.
This is my first tutorial (or even real article) on this blog, so if you have any comments, suggestions, or corrections, please feel free to email me at patrick @ this domain.
Works like a charm!
Another neat SSH trick to save you typing is that of the SSH config file and hosts. In your ~/.ssh/config file, try adding the following:
I’m not entirely sure what the “ForwardAgent” option does, but it seems to do the trick =) Anyways, after this you can connect to a server like this:
ssh [login@]alias
Where login is optional.
How about SSHPassKey?
http://www.codefab.com/unsupported/
SSHPassKey suffers from the same problem as the old SSHKeychain, that is to say it is non-universal. In addition, it’s even older than SSHKeychain.