Enter SSH passphrase once

1

Problem

After I’ve written posts for this blog, I would like to publish them by rake deploy, but I was prompted to type my passphrase for ~/.ssh/id_rsa multiple times in Linux text mode. (In GNOME shell, this won’t be a problem.)

In fact, this problem can be generalised to the following one: What can be done so that the terminal only asks for the passphrase for the first Git push to a remote server?

Solution

I searched “linux tty remember ssh passphrase” and I found the answer on Ask Ubuntu. I then looked at the top of the man page of ssh-agent so as to avoid doing something wrong. After that, I used ps to convince myself that the argument that followed ssh-agent should be bash. After inputting the correct passphrase, I could push my Git commits to the remote server without any further authentication.

Using it with byobu

After I’ve entered the right passphrase, even though I type ssh-add ~/.ssh/id_rsa and give the wrong passphrase, I...

2
...
3

In this article, I’ll explain how to perform ssh and scp without entering the password, using SSH public key authentication with SSH Agent on OpenSSH.

There are two levels of security in SSH key-based authentication. In order to log in, you need both the private key and the passphrase. Even if one of them is compromised, an attacker still cannot log in to your account, as both are needed. This is far better than typical password-based authentication, where an attacker who compromises the password can gain access to the system.

There are two ways to perform ssh and scp without entering the password:

1. No passphrase. While creating the key pair, leave the passphrase empty. Use this option for automated batch processing, e.g. if you are running a cron job to copy files between machines, this is a suitable option.

2. Use passphrase and SSH Agent. If you are using ssh and scp interactively from the command-line and you don’t want to use...

4

This tutorial explains how to set up passwordless SSH login on an Ubuntu workstation. There’re basically two ways of authenticating user login with OpenSSH server: password authentication and public key-based authentication. The latter is also known as passwordless SSH login because you don’t have to enter your password.

2 Simple Steps to Set Up Passwordless SSH Login

Step 1: Generate a Public/Private Keypair on Your Ubuntu Workstation

On your Ubuntu workstation (not your server), enter the following command in a terminal window.

ssh-keygen -t rsa

-t stands for type. The above command generates an RSA keypair. RSA is the default type, so you can also just type ssh-keygen in the terminal. By default the key is 2048 bits long; if you prefer stronger security, you can specify a 4096-bit key as below.

ssh-keygen -t rsa -b 4096

When asked which file to save the key in, you can simply press Enter to select the default file. Next enter a good passphrase...

5

Not having to enter password for git pull in Ubuntu

The answer you linked to is for HTTPS remotes, but this line in your config:

remote.origin.url=git@bitbucket.org:username/repo.git

indicates you are connecting via SSH. The fact that you are being prompted for a password means that you have password-protected your SSH key. To cache your password for the current session, do:

eval $(ssh-agent)

ssh-add

You'll be prompted for your password once, and after that it will be cached.

If you don't want to be prompted for a password ever, then you'll need to generate a new key with no passphrase. I recommend against this, since anyone who gets ahold of that key file can impersonate you anywhere that you use the key.

Also, I noticed this:

Enter passphrase for key '/root/.ssh/id_rsa':

It's generally a bad idea to run as root, so I'd recommend switching to another user account at your earliest convenience. (If you don't want to use your own...

6

If you are accessing a remote server frequently, it is convenient for you to be able to SSH to the remote host without entering an SSH password. Passwordless SSH login is even more useful when you are using SSH for non-interactive purposes, for example, for filesystem mount, offsite backup, etc. Also, many distributed systems or cloud orchestration layers (e.g., OpenStack) leverage password-less SSH authentication to control remote compute nodes.

If you want to log in to a remote SSH server without entering an SSH password, you can instead use key-based authentication, where you install your public key on a remote server a priori, and then log in to the server non-interactively by presenting your private key as an authentication key.

Here is how to enable SSH login without entering an SSH password.

Assume that you are user alice on host1 and wish to ssh to host2 as user bob, without entering bob's password.

First, you need to be logged in...

7

I have to work a lot with SSH on different servers where I'm not allowed to store a public key on the remote server. So I can't use SSH keys and SSH agent.

The authentication is over LDAP, so it's always the same password. I would like to enter my password once per session, which is then stored somewhere and used for all further connections.

I’ve searched a lot and the best way I could find is to store the password in an environment variable and use sshpass like:

But I don't like the idea of knowing that my password is saved in an environment variable. Is there a better way to do this?

Not really, by the sound of it.

I guess you could wrap sshpass in a script, to avoid having the password in your env, but then you have it written in a script. Basically, if a password must be involved, you probably just have to deal with it.

One possibility might be using SSH certificates instead of pubkeys, which allows more granularity and control (see...

8

I’ve recently begun exploring Ansible, which is a Python-based configuration management and orchestration system that uses ssh (when in unix land). As one can imagine, typing your password for every connection to each server gets tedious. The solution to this problem is not to use simpler passwords!

Setting up keys

The canonical way of resolving this is to set up ssh keys with ssh-keygen. By default, this deposits your keys in ~/.ssh, with your public key at id_rsa.pub and your private key (keep this secret!) at id_rsa. Then, if you append the contents of id_rsa.pub to /home/someuser/.ssh/authorized_keys on some other machine, you can do ssh someuser@someothermachine to log in as that user without typing a password. (This is assuming your system is set up similar to the vast majority of Unix machines with ssh daemons running.)

In comparison to an attacker trying to guess a human-memorable password, brute forcing a 2048-bit key is outside the realm of...

9
Start up ssh-agent. You can have it create a subprocess which inherits the SSH_AUTH_SOCK environment variable, or you can run it as a daemon.

Since I run gdm on Debian, ssh-agent is started automatically when I log in. If you don't have this benefit, you can get it by putting the following line at the end of your .xsession file (You can substitute your window manager for gnome-session if that is what you use):

ssh-agent gnome-session

Which basically means that ssh-agent starts up, creates a socket, sets up a couple of environment variables and then starts up gnome-session. That way all of the programs run in Gnome have access to the agent.

The above solution is the best one if you are logging in via GDM or another graphical login manager under *nix. However, if you login at the console, or want to use ssh-agent under Cygwin, you'll have to use one of the following solutions.

If you want to, say, put it in your .profile, then you might...

10

This document covers how to use an SSH client on the Windows operating system. If you use Linux, Mac OS X or another unix based OS, please read the document SSH Tutorial for Linux.

What Is SSH?

Windows users may not be as familiar with the concept of logging into a remote computer to run programs for checking e-mail, editing files and to run commands. It used to be that nearly all the activity on the Internet was conducted through remote login sessions to large servers running at universities and large enterprises. These login sessions were text only and people could run programs to do things like check their e-mail, download files, read newsgroup posts and even visit websites.

When you login to these sessions, you are running what is called a shell, and so people now call these login sessions shell accounts.

There are a couple of ways that you can access a shell (command line) remotely from Windows. One of the older ways is to use the telnet program,...

11

Now this is all well and good, but who wants to run their whole life from a single bash instance? If you use an X window system, you can type your passphrase once when you fire up X and all subprocesses will have your keys stored.

Make yourself another key:

ssh-keygen -t dsa -f ~/.ssh/whoisit

Just press return when it asks you to assign it a passphrase; this will make a key with no passphrase required. If this works right you will get two files called whoisit and whoisit.pub in your .ssh dir.

cp ~/.ssh/whoisit.pub tempfile

We want to work on it a little. tempfile should consist of one really long line that looks kind of like this:

ssh-dss AAAAB3NzaC1k[...]9qE9BTfw== pkeck@hurly.example.com

Edit tempfile and prepend some things to that line so that it looks like this:

command="echo I\'m `/usr/ucb/whoami` on `/usr/bin/hostname`",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1k[...]9qE9BTfw== whoisitnow

That will do what we...
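Because a key with no passphrase is limited only by the options prepended to its authorized_keys line, it helps to audit those options. The following is an added example, not code from the original tutorial: it parses the options field (quoted values, escaped quotes) and reports which restrictions each entry lacks. It goes slightly beyond the line shown above by also checking no-pty and the restrict option; the names parse_entry, audit and SAMPLE and the key blobs are constructed for illustration.

```python
import re

# Restriction options from sshd(8), "AUTHORIZED_KEYS FILE FORMAT".
RESTRICTIONS = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")
OPTION_RE = re.compile(r'[^,"]+(?:"(?:\\.|[^"\\])*")?')

def parse_entry(line):
    """Return (options, key_type, comment), or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line.startswith(("ssh-", "ecdsa-", "sk-")):
        # The options field ends at the first whitespace outside double quotes.
        i, quoted = 0, False
        while i < len(line) and (quoted or not line[i].isspace()):
            if quoted and line[i] == "\\":
                i += 1  # skip the escaped character
            elif line[i] == '"':
                quoted = not quoted
            i += 1
        field, line = line[:i], line[i:].lstrip()
        for opt in OPTION_RE.findall(field):
            name, _, value = opt.partition("=")
            options[name.lower()] = value[1:-1] if value.startswith('"') else value
    parts = line.split(None, 2)
    return options, parts[0] if parts else "", parts[2] if len(parts) > 2 else ""

def audit(text):
    """Map each key's comment to the restrictions its entry lacks."""
    report = {}
    for options, key_type, comment in filter(None, map(parse_entry, text.splitlines())):
        findings = [] if "command" in options else ["no forced command"]
        for r in RESTRICTIONS:
            # "restrict" turns every restriction on unless e.g. "pty" re-enables one.
            covered = "restrict" in options and r[3:] not in options
            if r not in options and not covered:
                findings.append("missing " + r)
        if key_type == "ssh-dss":
            findings.append("DSA key (disabled by default since OpenSSH 7.0)")
        report[comment] = findings
    return report

# Constructed sample: the first entry mirrors the page's line, key blobs are placeholders.
SAMPLE = r"""
command="echo I\'m `/usr/ucb/whoami` on `/usr/bin/hostname`",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAEXAMPLE1 whoisitnow
ssh-rsa AAAAEXAMPLE2 alice@host1
restrict,command="/usr/bin/uptime" ssh-ed25519 AAAAEXAMPLE3 monitor
"""
```

Calling audit(SAMPLE) returns a dictionary keyed by key comment; an empty list means the entry has a forced command and every restriction in effect.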