Associating ssh public key with user account

ssh

How do I associate an ssh public key with a user account on the machine I connect to, so I don't have to type in the account password every time I make an ssh connection to that machine?

The machine being connected to is an older mini with Leopard installed. I assume that this is doable in Leopard, and I don't have to upgrade to Snow Leopard or Lion.

Best Answer

First, you create a public and private key (if you haven't done so already) on the machine from which you want to login:

ssh-keygen -t dsa

You only need to do this if there isn't already a ~/.ssh/id_dsa.pub file.

On Linux, there's the ssh-copy-id helper. On Mac, you need to copy the public key by hand:

Copy the generated public key to the target machine:

scp ~/.ssh/id_dsa.pub user@targetmachine:myPublicKey.pub
Login to the target machine:

ssh user@targetmachine
Append the public key to the authorized keys:

cat myPublicKey.pub >>.ssh/authorized_keys
You can now delete the copied key:

rm myPublicKey.pub
Done. You should now be able to login to your target machine without the need to enter a password.

Related Solutions

MacOS – Mac OS X Lion and sshpass

You should first file a complaint with the server's administration, observing that public key authentication is vastly more secure than simply a password, but I'll assume you've already done so, and your admins are simply idiots.

Apple sadly removed ssh-askpass when they integrated its functionality into ssh, scp, and ssh-add. There is however an SSHKeychain package that provides an ssh-askpass with an Apple-like Cocoa password prompt for macports' openssh package. It should fix your problems the way you want, perhaps even setting the SSH_ASKPASS variable for you.

Just fyi, I'd usually recommend against installing the openssh macports package itself because it break your Apple password prompt, but once you've installed SSHKeychain macports usually offers a more recent openssh than Apple.

There is nothing wrong imho with embedding passwords in scripts when the server disables public key authentication, i.e. if they cared about security, they should reenable public keys. There are even servers that intentionally break sshpass. You could access such machines using the following expect script :

#!/usr/bin/expect -f
set timeout -1
set send_human {.05 0.1 1 .07 1.5}
eval spawn $argv
match_max 100000
expect {
   -re "USERNAME@(\[0-9A-Za-z_\\-\\.\]+)'s password: "
     { sleep 0.1 ; send -- "PASSWORD\r" ; sleep 0.3 }
}
interact

You may speed up this script by reducing the sleeps and send_human delays.

Password dialog appears when SSH private key permissions are set to 0600

Make sure you have a corresponding id_rsa.pub or id_dsa.pub in your ~/.ssh directory.

When I had an id_rsa but not a corresponding id_rsa.pub, Mac OS X kept popping up the dialog and remember passowrd in my keychain did nothing.

cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub

generated the appropriate public key file for me.

If you already had your public file there (rename it to another name) and generate the public key again using the above command, you'll notice that the generated and the old one are not equal. Somehow the older versions of Mac OS X generated a public key that Lion does not like anymore, generating it again fixes that.

For the curious, the key is exactly the same, the part that changes is that there is no "comments" section after the key on the file any longer.

Best Answer

Related Solutions

MacOS – Mac OS X Lion and sshpass

Password dialog appears when SSH private key permissions are set to 0600

Related Question