Save SSH password for use in "Terminal" (OSX or *Nix)

Any­one who runs hosted remote servers and has to log into remote ter­mi­nals for reg­u­lar use, it is vital to have short­cuts that allow for quick login. SSH2 is the rec­om­mended way.

On Win­dows, there is the fan­tas­tic SSH2 tool Secure­CRT. Or if you're cash crunched, a com­bi­na­tion of Putty and Putty Con­nec­tion Man­ager works for many.

On Mac OSX and Unix/Linux sys­tems, one doesn't truly need an SSH client at all, because the "Ter­mi­nal" appli­ca­tion is inbuilt. Peo­ple talk of iTerm and such, but I have still to see a value add for such tools.

But one does miss the con­ve­nience of Secure­CRT on OSX, because I have still to find a true Secure­CRT alter­na­tive for the Mac plat­form. Some­thing that allows me to make pre-determined con­nec­tions so I can just click on them to con­nect (which tools like Jel­ly­fiSSH do) and then logs me in directly with­out prompt­ing for a pass­word (which Jel­ly­fiSHH does not do).

So I have sim­ply made aliases in my [code].profile[/code] file, which gets exe­cuted every­time you start your Ter­mi­nal win­dow (so it's a good place to put your short­cuts and any code you wish to exe­cute when the ter­mi­nal starts, such as paths).

  1. Start the Terminal.
  2. Open the pro­file file for the cur­rent user (you).
  3. pico .profile
  4. Enter a new line for our shortcut.
  5. alias s='ssh -2 -p 22 [email protected]'

Quick expla­na­tion for that com­mand in step 3. The let­ter "s" is the short­cut I make for con­nect­ing to the / server. Change it to what you wish. This will mean that when I start Ter­mi­nal, all I need to do is type "s" and it con­nects me via SSH to the / server. The "-p" switch is an impor­tant one because some of us with para­noid secu­rity set­tings might have a dif­fer­ent port num­ber than the default port 22 for secure SSH. The rest user/host stuff is self-explanatory. The "-2" is to force SSH2 con­nec­tions instead of older vanilla SSH.

Now. Save the pro­file file and source it to try it out:

source .profile

Sourc­ing is only for this one time, for your cur­rent Ter­mi­nal win­dow, which had already exe­cuted the pro­file file *before* we added this alias. When you start a new Ter­mi­nal ses­sion, these aliases et al will be auto­mat­i­cally set for you.

Done. Now your pro­file has the alias for "s". From now when you type "s" in your Ter­mi­nal, it will con­nect, but it will ask you for a pass­word. To get rid of the nag­ging pass­word, we need to cre­ate pub­lic authen­ti­ca­tion key for the domain. This, in fact is what Secure­CRT does behind the scenes on Win­dows too.

Here are the steps to accom­plish this. Run these one-time com­mands in order from the Ter­mi­nal window.

# generate pub and priv keys, leave the passphrase empty
# (simply press ENTER when asked for it)
#copy the pub key to the remote computer
#(change port number if different from the usual 22)
#change "user" to your user name
#change "host" to your domain name
scp -P 22 ~/.ssh/ user@host:~/
#log on to the remote computer
ssh -p 22 user@host
#create the .ssh directory in the root login directory, if it doesn't already exist
mkdir .ssh
#append key to file
cat >> ~/.ssh/authorized_keys
#delete the public key file, no longer needed
rm -f
#log off the remote server
#logon to the remote server, without password prompt
ssh -2 -p 22 user@host

That's it. This is a huge time­saver. Now all I need to do to login to the / server is type one let­ter, "s" in the Ter­mi­nal, and I'm on! Fol­low these instruc­tions for each host you con­nect to on a reg­u­lar basis and you'll love the con­ve­nience henceforth.

  • Pingback: Save SSH password for use in “Terminal” (OSX or *Nix) | Available Domains - Industry leading domain name news()

  • Allen Lau­denslager

    Thanks so much for this. Very, very handy. They should include this sim­ple but very use­ful func­tion­al­ity as a 'Pref­er­ence' set­ting right into Ter­mi­nal. Btw, Secure­CRT rocks on Windows!

  • J

    This is a great arti­cle. Can you add to it how to cre­ate a sec­ond key on the local machine. Like should I name it id_rsa2? When I enter ssh-keygen:
    Gen­er­at­ing public/private rsa key pair.
    Enter file in which to save the key (/Users/…/.ssh/id_rsa):
    /Users/…/.ssh/id_rsa already exists.
    Over­write (y/n)? y
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your iden­ti­fi­ca­tion has been saved in /Users/…/.ssh/id_rsa.
    Your pub­lic key has been saved in /Users/…/.ssh/
    The key fin­ger­print is:
    f3:69:d1…:7e:39:83 j…@…-macbook-pro.local

    I know I shouldn't over­write the old one cause that breaks my old con­nec­tion. So what do I need to name the next id_rsa or does it even mat­ter, as long as it's in the .ssh directory?


  • / Shanx

    Hi "J".

    The file name doesn't mat­ter. On the server, we're using the ">>" direc­tive to add to the .ssh known pass­words, so it should work.

    On your own machine, the name can be any­thing, as long as you know that that's the file you're copy­ing to the server.

  • Tony

    ha amaz­ing! thank you!

  • Tony

    ha amaz­ing! thank you!

  • Russ Smith

    Wow, great! Sim­ple, easy to fol­low, and right to the point. Per­fect, thank you!

  • Hank

    The pub­lic key you use on your local machine is sup­posed to be uploaded to every remote server you wish to con­nect to, you do not need to gen­er­ate more than one pub­lic key on your local machine. You can keep using the same one and upload them to mul­ti­ple servers.

  • Jeff Geer­ling

    WOW! This is exactly what I was look­ing for… I knew I could add a key pair to stop hav­ing to enter my pass­word, but the alias in the Ter­mi­nal is immensely help­ful! No more typ­ing in IP addresses when I tun­nel into my server!

    Thanks for this article!

  • Ben

    Great writeup. I noticed that I also have to issue the fol­low­ing com­mand for things to work:
    chmod 700 ~/.ssh; chmod 600 ~/ssh/authorized_keys

  • David

    Thank you!
    As web devel­oper, this becomes very handy if you deploy your projects via rsync (over ssh). Once done, it saves a lot of time. Worked great.

  • pune­r­i­ashu

    great tip. very handy .. you just increased my productivity.

  • Slobo

    Thank you!!!! That's what I was look­ing for :)

  • Kelly

    ssh-copy-id –i [email protected]

    that is a lot quicker for copy­ing the key to the server.

  • Kyle Bandy

    Absolutely awe­some guide! Really a great time­saver here. Thanks a billion!

  • mike

    still ask­ing for the pass­word for me :( I fol­lowed every­thing. Could the secu­rity on my server not allow login via autho­rized keys?

  • JP

    Thanks Shanx.
    Every­thing works with­out a hitch except for one thing.

    The aliases are not being remem­bered. Every time I close the ter­mi­nal win­dow it for­gets them, and I get this error:

    –bash: s: com­mand not found

    How­ever, when I type "source .pro­file" again it remem­bers. That means for each new win­dow I open have to source the pro­file again. Can you please tell me what I'm doing wrong?

  • JP

    I fig­ured out a workaround. In the Ter­mi­nal pref­er­ences, I edited the Shell set­tings so that on Startup it runs the com­mand "source .profile".

  • Vince

    You rock good sir! Well writ­ten, easy-to-follow tuto­r­ial, con­sider this book­marked for future reference!

  • Pingback: Save SSH password for use in “Terminal” | 越子先生()

  • looki

    Very nice, I have faster way:
    ssh-copy-id [email protected]


  • smutek

    Fan­tas­tic — thank you!

  • HE

    I wish there were more sim­plis­tic tuto­ri­als like this out there in the world. Awe­some & explanatory.

  • RTT

    In 5 min­utes this fixed some­thing that has been bug­ging me for years! Thank you!

  • Rohit

    Great tuto­r­ial. Thanks.

    On a quick note, I am hav­ing to source the .pro­file file every time I open a new ses­sion of ter­mi­nal, or else it gives an error (-bash: s: com­mand not found). Is there a way this can be made per­ma­nent ? I am using Mac OSX Yosemite.


  • netyou

    I know this is old but it's not work­ing out for me. I still get a pass­word prompt :(

  • Anders

    Try to rename the file .bash_profile instead.

  • Vikas Kumar

    Check per­mis­sions of your home direc­tory, $HOME/.ssh direc­tory and $HOME/.ssh/*. Any one of these is not cor­rectly set.

  • Guest

    I do not like the idea of SSH keys as it com­pro­mises the secu­rity of the server. If some­one gets access to the machine, he is free to roam any­where. I would rather use perl-Expect, with pass­word encrypted files.

  • Vikas

    This is good, but I per­son­ally do not like the idea of SSH keys as it com­pro­mises the secu­rity of the server. If some­one gets access to the machine, he is free to roam any­where. I would rather use perl-Expect, with pass­word encrypted files.

  • Ken­neth Xu

    To con­sol­i­date from line 5 to 24 into one line:

    cat ~/.ssh/ | ssh [email protected] "mkdir –p ~/.ssh; cat >>~/.ssh/authorized_keys"

  • Sanja Franić

    Thanks so much!

  • Paul

    I did have to use chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys on the server, but apart from this, it still works great (on osx 10.10.4 yosemite).