Apple - How to store SSH Credentials in Terminal
You can copy your public key to the remote machines. As long as they have public key authentication enabled, and your public key is present on the remote machine, you can ssh to the machines without having to supply a password.
First you'll need to generate a public/private keypair like so:
ssh-keygen -t rsa
Follow the prompts. When it asks if you want to protect the key with a passphrase say YES! It's bad practice to not password-protect your keys and I'll show you how to only have to enter the password once in a while.
If you already have a keypair you can skip the step above.
Now, assuming your ssh key exists on your Mac as ~/.ssh/id_rsa.pub, you can install it on a remote machine by running:
cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
For your specific server example cited above, the command would look like:
cat ~/.ssh/id_rsa.pub | ssh -p 2200 [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
You'll have to enter the password for [email protected] to perform this copy, but this should be the last time you need to do this. Assuming the remote server's sshd is set up to do public-private key authentication, when you ssh to the box now it shouldn't ask you for a password for the root account -- instead it'll ask you for the password for your key. Read on for how to make this something you don't need to enter all the time.
Repeat the above for every machine you want to ssh in to with your keys instead of a password.
Please note, anyone who gets a hold of your ~/.ssh/id_rsa file can ssh to this machine as root without supplying a password for the remote machine. Password protecting the key file ensures they'd need to know the password for that key to use it. Make sure that file is secure. Use disk encryption on your Mac and keep the permissions on the file and the ~/.ssh/ directory tight.
To make it easier to use the key without having to enter the password every time, OS X runs an ssh-agent process in the background on your machine. This agent will cache the keypair the first time you use it so you only have to enter your password once in a while. If you only sleep your Mac, never restart it, you can go long periods of time without needing to enter your password.
You can pre-cache all your SSH keys with the ssh-agent by running:
ssh-add
Now you only need to remember the key password, not the many different account passwords. I usually keep my key passwords in 1Password (no affiliation), further simplifying how many passwords I need to remember. Then I just look them up in 1Password and cut-and-paste them in the Terminal the odd time I restart my Mac and cause my running ssh-agent to be restarted.
If you combine copying your key to remote machines with the Terminal.app connection management solution in this question, you'll have something very close to PuTTY for GUI connection experience.
On the server side, check /etc/ssh/sshd_config and make sure:
PubkeyAuthentication yes
is enabled in the configuration (it is by default in OpenSSH). You may also wish to set:
PasswordAuthentication no
while you're there, so password-based authentication is disabled and keys become the only way to access the machine.
You'll need to restart sshd on the machine if you make any changes to the configuration file.
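An added example, not part of the original answer: a POSIX shell check for the two hardening points above, the sshd_config settings and tight permissions on ~/.ssh and the private key. The function names are hypothetical, the paths are whatever you pass in, and the sample config is constructed; on the server itself, `sshd -T` prints the configuration sshd actually uses.

```shell
# sshd_effective KEYWORD DEFAULT FILE
# Print the value sshd would take from the global section of FILE.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.
# Assumption: Include directives are not followed.
sshd_effective() {
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # comments, blank lines
        {
            key = $0; sub(/[ \t=].*$/, "", key)
            val = substr($0, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)     # "Key value" or "Key=value"
            sub(/[ \t].*$/, "", val)            # first argument only
            key = tolower(key)
            if (key == "match") exit            # global section ends here
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$3"
}

# perms_tight PATH: true only if group and others have no access at all
# (for example 700 on ~/.ssh and 600 on ~/.ssh/id_rsa).
perms_tight() {
    [ -e "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_ssh CONFIG SSH_DIR KEY: print findings, return how many there are.
audit_ssh() {
    n=0
    [ "$(sshd_effective PubkeyAuthentication yes "$1")" = yes ] ||
        { echo "PubkeyAuthentication is off"; n=$((n + 1)); }
    [ "$(sshd_effective PasswordAuthentication yes "$1")" = no ] ||
        { echo "PasswordAuthentication is still on"; n=$((n + 1)); }
    for p in "$2" "$3"; do
        perms_tight "$p" || { echo "loose permissions: $p"; n=$((n + 1)); }
    done
    return "$n"
}

# Constructed sample: the first PasswordAuthentication line is the one used.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'passwordauthentication no' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
sshd_effective PasswordAuthentication yes "$demo/sshd_config"   # prints: no
rm -rf "$demo"
```

Run the config check against a copy of the server's /etc/ssh/sshd_config and the permission check against ~/.ssh and ~/.ssh/id_rsa on the Mac.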
You can use sshpass to save the password so you won't have to insert it every time, which isn't a good practice (security issues).
Follow the instructions for Mac OS X installation at: https://gist.github.com/arunoda/7790979
When you have sshpass installed, run:
sshpass -p "YOUR_PASSWORD" ssh -o StrictHostKeyChecking=no -p 2200 [email protected]
Do the same thing for your 5 web servers and you won't need to insert the password every time.
In addition to the public/private key stuff, the .ssh/config file can be configured to ease use of ssh commands, like aliases, default user/port per server, ssh options, proxy commands...
Basically anything complicated you can put in a ssh command can be in this file too.