Setup
To set this up you first need to create an ssh identity on your local machine.
$ ssh-keygen -t dsa
Your user’s home will now have a .ssh subdirectory with the identity file (id_dsa) and the public key file (id_dsa.pub). Copy the contents of id_dsa.pub to <username>’s .ssh/authorized_keys file on <target server>.
You can automate this with the ssh-copy-id script.
$ ssh-copy-id -i ~/.ssh/id_dsa.pub user@host
Note: If you use a non-standard ssh port on the target–doesn’t everyone?–edit the script (/usr/bin/ssh-copy-id) at line 41:
{ eval "$GET_ID" ; } | ssh -p 12345 $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
You’re not quite there yet, but close.
If you try to ssh to your target now, you’ll be prompted for the local identity’s passphrase first. That’s a good sign; it means the target machine is accepting your public key authentication. You need to start a local ssh agent and add your identity to it.
(replace bash with your favorite shell)
$ ssh-agent bash
$ ssh-add
You’ll be prompted for the passphrase and the identity will be added to the ssh agent. The agent will use this identity’s authentication until you exit the shell where it’s running. (To avoid even this step, set up keychain.)
You can now ssh to your target machine without being pestered for a password or phrase of any kind.
$ ssh test@remoteMachine
When you can connect without being prompted for a password, you’re ready to go crazy with pssh.
Enjoy!
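The key-copy step above can also be done without editing /usr/bin/ssh-copy-id. The following is an added example, not part of the original post or of ssh-copy-id: it passes the port to ssh directly, refuses to send anything that is not a public key, appends the key only once, and sets the permissions on .ssh and authorized_keys explicitly. The names REMOTE_CMD, is_pubkey_file, push_pubkey and install_local are hypothetical, and the target account is assumed to have a POSIX shell.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not from ssh-copy-id).

# Command run in the target account's home directory. It reads one
# public-key line from stdin and appends it only if it is not present yet.
REMOTE_CMD='umask 077
mkdir -p .ssh && touch .ssh/authorized_keys || exit 1
chmod 700 .ssh && chmod 600 .ssh/authorized_keys || exit 1
{ IFS= read -r key || [ -n "$key" ]; } || exit 1
grep -qxF -- "$key" .ssh/authorized_keys ||
    printf "%s\n" "$key" >> .ssh/authorized_keys'

# is_pubkey_file FILE: succeed only if FILE starts like an OpenSSH public
# key line, so the private identity file is never sent by mistake.
is_pubkey_file() {
    [ -r "$1" ] || return 1
    case $(head -n 1 "$1") in
        ssh-*' '?*|ecdsa-*' '?*|sk-*' '?*) return 0 ;;
        *) return 1 ;;
    esac
}

# push_pubkey PUBKEY_FILE USER@HOST [PORT]
# Installs the key on the target over ssh, using PORT (default 22).
push_pubkey() {
    is_pubkey_file "$1" || {
        echo "refusing: $1 does not look like a public key" >&2
        return 1
    }
    ssh -p "${3:-22}" "$2" "$REMOTE_CMD" < "$1"
}

# install_local PUBKEY_FILE HOME_DIR
# Runs the same command against a local directory instead of a remote
# home, to check its effect without a network connection.
install_local() {
    is_pubkey_file "$1" || return 1
    ( cd "$2" && sh -c "$REMOTE_CMD" ) < "$1"
}

# Usage, with the non-standard port from the note above:
#   push_pubkey ~/.ssh/id_dsa.pub user@host 12345
```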
If you combine this procedure with pssh using the -A option, you can install all of your keys without having to enter the password multiple times.
THE Andrew Mcnabb?! Awesome.
Thanks for the tip. I’ll play with it. And thanks for maintaining pssh!