Saving ssh Keys on Mac OS X Leopard
If you regularly log into lots of machines on external networks, it's a good idea to have SSH keys. Using ssh-agent, you can avoid having to type in a passphrase for each login. Helpfully, since the Leopard release on Mac OS X this functionality is built straight in, making your life even easier.Tip of the Trade: ssh-agent makes it possible to avoid having to type in a passphrase for each login. Helpfully, since the Leopard release on Mac OS X this functionality is built straight in.
The $SSH_AUTH_SOCK variable is set automatically (check this with echo $SSH_AUTH_SOCK). Then launched is used to listen for SSH connections and launch ssh-agent when needed. You're then challenged for your password (using a secure text field, another security advantage) and given the option of storing it in your keychain. If you choose to do this, you'll never need to type your key passphrase again. Just unlock your master keychain to access it.
Setting this up is straightforward. First, generate a keypair on your local machine:
ssh-keygen -t rsa -f ~/.ssh/mykey
Next, open up a connection to the remote machine and copy the contents of the local file ~/.ssh/mykey.pub to the remote file ~/.ssh/authorized_keys. This file can contain multiple keys, but each must be on a single line. Note also that both the ~/.ssh directory and the ~/.ssh/authorized_keys file must be readable (and executable in the case of the directory) only by that user.
Close the connection, then reconnect:
ssh remote.example.com -i ~/.ssh/mykey
You'll be challenged for your passphrase; tick the "save in my keychain" box. Then log out of the remote machine and back in for a third time, and this time you won't have to enter any password.
Next time you log onto your Mac, you'll be challenged for your keychain password the first time you use one of the keys in your keychain. After that, all keys saved in the keychain will Just Work, easing the pressure on your typing fingers.
Juliet Kemp has been messing around with Linux systems, for financial reward and otherwise, for about a decade. She is also the author of "Linux System Administration Recipes: A Problem-Solution Approach" (Apress, 2009).