Tech Journal

How can I avoid typing passwords in PuTTY and SSH over and over?

See http://www.mtu.net/~engstrom/ssh-agent.php#PuTTYGen, but basically this involves creating a key-pair and putting the public key on the server side in the ~/.ssh directory. This also works for getting CVS over SSH to work without having to type the password more than once per session.

Update:

  1. Create keys on CLIENT machine:
    $ ssh-keygen -t rsa
    which will create files in ~/.ssh, one with .pub and one without. The .pub file is your public key.
  2. Copy/Append the contents of id_rsa.pub to ~/.ssh/authorized_keys on the SERVER machine.
  3. Verify that it works. You should see a passphrase prompt:
    $ ssh you@example.com
    Enter passphrase for DSA key 'you@example.com':
  4. Run ssh-agent. The commands it outputs are for the shell; copy and paste them, and run them.
  5. Run ssh-add, enter the passphrase, and you're done.
  6. If everything went well, you should consider adding to your .bash_profile file something to start ssh-agent up, and something to your .bash_logout to stop it:
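.bash_profile:

        SSHAGENT=/usr/bin/ssh-agent
        SSHAGENTARGS="-s"
        # Start an agent only if none is reachable and the binary is executable
        if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
            eval `$SSHAGENT $SSHAGENTARGS`
            # Kill the agent when this login shell exits
            trap "kill $SSH_AGENT_PID" 0
        fi

.bash_logout:

        # Quoted so the test is still valid when SSH_AGENT_PID is unset
        if [ "${SSH_AGENT_PID+1}" = 1 ]; then
            ssh-add -D
            ssh-agent -k > /dev/null 2>&1
            unset SSH_AGENT_PID
            unset SSH_AUTH_SOCK
        fi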

For more information, see http://mah.everybody.org/docs/ssh.

Here's a script to set up SSH Agent:

#!/usr/bin/perl -w
use strict;

my %config = (  sshdir => $ENV{'HOME'} . "/.ssh",
              );
$config{'keyfile'} = $config{'sshdir'} . "/auto_rsa";
$config{'authkeys'} = $config{'sshdir'} . "/authorized_keys";
$config{'bash_profile'} = $ENV{'HOME'} . "/.bash_profile";
$config{'bash_logout'} = $ENV{'HOME'} . "/.bash_logout";

# prep: create ~/.ssh with mode 0700 so only the owner can access it
if (! -d $config{'sshdir'} ) {
    print "Creating SSH directory '" . $config{'sshdir'} . "'...\n";
    mkdir($config{'sshdir'}, 0700) || die "Error creating dir: $!";
}
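# Create SSH (RSA) keys
# -P "" gives the key an empty passphrase, so the private key file is stored unencrypted.
# The list form of system() bypasses the shell, so the key path is passed as-is.
print "Creating keys...\n";
system("ssh-keygen", "-t", "rsa",
    "-f", $config{'keyfile'},
    "-q", "-P", "") == 0
    or die "ssh-keygen failed (exit status $?)";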

# Copy public key into the authorized keys
open(PUBKEY, $config{'keyfile'}.".pub")
    || die "Error opening '".$config{'keyfile'}.".pub': $!";
open(AUTH, ">>" . $config{'authkeys'})
    || die "Error appending to '" .$config{'authkeys'}. "': $!";
$_ = <PUBKEY>;
print AUTH $_;
close(AUTH);
close(PUBKEY);

# add commands into ~/.bash_profile
open(BASHPROFILE, ">>" . $config{'bash_profile'})
    || die "Error appending to '".$config{'bash_profile'}."': $!";
print BASHPROFILE <<EOD;
# AUTO ADDED BY SSHSETUP SCRIPT
# to start the SSH-agent
if [ -z "\$SSH_AUTH_SOCK" ] ; then
    eval `ssh-agent -s`
    ssh-add $config{'keyfile'}
fi
# END AUTO ADDED BY SSHSETUP SCRIPT

EOD
close(BASHPROFILE);

# add command into ~/.bash_logout
open(BASHLOGOUT, ">>" . $config{'bash_logout'})
    || die "Error appending to '".$config{'bash_logout'}."': $!";
print BASHLOGOUT <<EOD;
# AUTO ADDED BY SSHSETUP SCRIPT
# kill ssh-agent
ssh-agent -k

# END AUTO ADDED BY SSHSETUP SCRIPT
EOD
close(BASHLOGOUT);

This script is not safe! Running it more than once, or running it when you already have ssh-agent set up, might damage your setup, or at the very least will add more cruft to your logon scripts.
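The two append steps are what make a second run harmful, and both can be made safe to repeat. The following is an added example, not part of the original script: the function names install_pubkey and add_agent_block are chosen here, the marker comments are the ones the Perl script writes, and the agent block uses $(...) in place of backticks.

```shell
#!/bin/sh
# Repeat-safe versions of the script's two append steps (added example).
# Function names are chosen here; the marker comments are the script's own.
MARK_BEGIN='# AUTO ADDED BY SSHSETUP SCRIPT'
MARK_END='# END AUTO ADDED BY SSHSETUP SCRIPT'

# install_pubkey PUBKEY_FILE SSH_DIR
# Append the key to SSH_DIR/authorized_keys unless that exact line is there.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(head -n 1 "$pub")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -F fixed string, -x whole line: exact match, no regex surprises
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    # Terminate an unterminated last line so two keys never share a line
    if [ -s "$auth" ] && [ "$(tail -c 1 "$auth" | wc -l)" -eq 0 ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# add_agent_block PROFILE_FILE KEYFILE
# Append the agent start-up block unless the begin marker is already present.
add_agent_block() {
    profile=$1; keyfile=$2
    if [ -f "$profile" ] && grep -qxF -- "$MARK_BEGIN" "$profile"; then
        return 0
    fi
    cat >> "$profile" <<EOF
$MARK_BEGIN
if [ -z "\$SSH_AUTH_SOCK" ]; then
    eval "\$(ssh-agent -s)"
    ssh-add "$keyfile"
fi
$MARK_END
EOF
}
```

Typical use would be install_pubkey ~/.ssh/auto_rsa.pub ~/.ssh followed by add_agent_block ~/.bash_profile ~/.ssh/auto_rsa; a second run of either leaves the files unchanged.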

As for Windows and Pageant, you'll have to use the puttygen program to convert the OpenSSH key that ssh-keygen generated. To do that, run puttygen, select "Load Private Key", and load the private key (not the file with the .pub extension). Then press "Save Private Key", which will give you a .ppk file that Pageant will accept. See http://linux-sxs.org/networking/openssh.putty.html for more information.

Last updated on 2009-05-05 01:52:19 -0700, by Shalom Craimer
