Suppose I need to SSH into many systems and run a simple command on each. The problem is that I do not want to have to enter my password 50 times in a row to accomplish this. So I figure I will use RSA keys without a passphrase temporarily. My question is, is this standard practice to temporarily set your private key file to not have a passphrase for the purposes of running a non interactive script, at which point you would then set a very secure passphrase by way of ssh-keygen -p
command? Is there another way to accomplish this?
SSH into many systems with passphrase-less RSA keys
Securityssh
Best Answer
No. The standard practice is to use a key agent to store your passphrase. When using a key agent, you can enter your passphrase once, when adding the key to the agent, and afterwards the agent will provide it to ssh connections you initiate.
There are many tutorials on this. Here's the basic usage in a nutshell:
How it works, in a nutshell:
The
ssh-agent
command outputs some environment variables you need to set, so that programs (likessh
,scp
,rsync
and others) find thessh-agent
process. This output is ready to execute, to actually set the variables, and this is the purpose of theeval
statement.ssh-add
finds thessh-agent
process thanks to the configured environment variables, and adds the private key at the default location in your~/.ssh
directory. At this point you will be asked to enter the passphrase.After this, you will be able to
ssh
,scp
, and others to any server where your key is authorized, without having to re-enter the passphrase.