Creating, using and managing SSH keys

Create a new key for your machine

ssh-keygen -t rsa

CHOOSE A STRONG PASSPHRASE, EMPTY PASSPHRASE == BAD

If someone has access to your machine via social engineering or tech exploit, your key can be stolen and used to login in all the machines and services without password.

Install your key on the machines where you need to log in

Handy function to put in your shell config

In your shell resource file (~/.zhrc, ~/.bashrc,...) add the following function:

ssh-install-key() {
    cat ~/.ssh/id_rsa.pub | ssh ${1} "cat - >> ~/.ssh/authorized_keys"
}

Now you can install your main key, id_rsa.pub, directly to a target machine:

ssh-install-key username@super.server.nl

Using your keys

With keychain

Keychain is a software that will keep track of which keys are available in your system and will only ask your passphrase once per session instead. It is a front-end to ssh-add and ssh-agent.

Add the following in your shell resource file:

if [ -e ~/.ssh/id_rsa ]
then
    keychain --quiet --nogui ~/.ssh/id_rsa
    . ~/.keychain/${HOSTNAME}-sh
fi

Now restart your session and you will be prompted, once for your passphrase. After that you can directly ssh/scp to the machines where your installed your key and you will not be prompted for any passwords!

ssh username@super.server.nl

Using aliases for your SSH connections

To make your life even easier you can edit (create if non existent) the ~/.ssh/config file to create Host SSH aliases for the machines you need to connect to. You can also pass all the SSH options you might want to add, for instance:

Host super
    User username
    Hostname super.server.nl

Host super2
    User anotherusername
    Hostname super.serverl.nl
    Port 12345
    ForwardAgent yes

Now when you want to ssh/scp to your server you can just do the following:

ssh super