SniptoolsSniptools | Design & Technology Observations

RSS

Save SSH password for use in “Terminal” (OSX or *Nix)

Jul 19th 2008
3 Comments

Respond
Trackback

Anyone who runs hosted remote servers and has to log into remote terminals for regular use, it is vital to have shortcuts that allow for quick login. SSH2 is the recommended way.

On Windows, there is the fantastic SSH2 tool SecureCRT. Or if you’re cash crunched, a combination of Putty and Putty Connection Manager works for many.

On Mac OSX and Unix/Linux systems, one doesn’t truly need an SSH client at all, because the “Terminal” application is inbuilt. People talk of iTerm and such, but I have still to see a value add for such tools.

But one does miss the convenience of SecureCRT on OSX, because I have still to find a true SecureCRT alternative for the Mac platform. Something that allows me to make pre-determined connections so I can just click on them to connect (which tools like JellyfiSSH do) and then logs me in directly without prompting for a password (which JellyfiSHH does not do).

So I have simply made aliases in my [code].profile[/code] file, which gets executed everytime you start your Terminal window (so it’s a good place to put your shortcuts and any code you wish to execute when the terminal starts, such as paths).

  1. Start the Terminal.
  2. Open the profile file for the current user (you).
  3. pico .profile
  4. Enter a new line for our shortcut.
  5. alias s='ssh -2 -p 22 [email protected]'

Quick explanation for that command in step 3. The letter “s” is the shortcut I make for connecting to the / server. Change it to what you wish. This will mean that when I start Terminal, all I need to do is type “s” and it connects me via SSH to the / server. The “-p” switch is an important one because some of us with paranoid security settings might have a different port number than the default port 22 for secure SSH. The rest user/host stuff is self-explanatory. The “-2” is to force SSH2 connections instead of older vanilla SSH.

Now. Save the profile file and source it to try it out:

source .profile

Sourcing is only for this one time, for your current Terminal window, which had already executed the profile file *before* we added this alias. When you start a new Terminal session, these aliases et al will be automatically set for you.

Done. Now your profile has the alias for “s”. From now when you type “s” in your Terminal, it will connect, but it will ask you for a password. To get rid of the nagging password, we need to create public authentication key for the domain. This, in fact is what SecureCRT does behind the scenes on Windows too.

Here are the steps to accomplish this. Run these one-time commands in order from the Terminal window.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# generate pub and priv keys, leave the passphrase empty
# (simply press ENTER when asked for it)
ssh-keygen
 
#copy the pub key to the remote computer
#(change port number if different from the usual 22)
#change "user" to your user name
#change "host" to your domain name
scp -P 22 ~/.ssh/id_rsa.pub user@host:~/
 
#log on to the remote computer
ssh -p 22 user@host
 
#create the .ssh directory in the root login directory, if it doesn't already exist
mkdir .ssh
 
#append key to file
cat id_rsa.pub >> ~/.ssh/authorized_keys
 
#delete the public key file, no longer needed
rm -f id_rsa.pub
 
#log off the remote server
exit
 
#logon to the remote server, without password prompt
ssh -2 -p 22 user@host

That’s it. This is a huge timesaver. Now all I need to do to login to the / server is type one letter, “s” in the Terminal, and I’m on! Follow these instructions for each host you connect to on a regular basis and you’ll love the convenience henceforth.




This post is tagged , , , , , ,

3 Comments

  1. Allen Laudenslager

    Thanks so much for this. Very, very handy. They should include this simple but very useful functionality as a ‘Preference’ setting right into Terminal. Btw, SecureCRT rocks on Windows!

  2. J

    This is a great article. Can you add to it how to create a second key on the local machine. Like should I name it id_rsa2? When I enter ssh-keygen:
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/…/.ssh/id_rsa):
    /Users/…/.ssh/id_rsa already exists.
    Overwrite (y/n)? y
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /Users/…/.ssh/id_rsa.
    Your public key has been saved in /Users/…/.ssh/id_rsa.pub.
    The key fingerprint is:
    f3:69:d1…:7e:39:83 j…@…-macbook-pro.local

    I know I shouldn’t overwrite the old one cause that breaks my old connection. So what do I need to name the next id_rsa or does it even matter, as long as it’s in the .ssh directory?

    Thanks, J