Save SSH password for use in "Terminal" (OSX or *Nix)
Anyone who runs hosted remote servers and has to log into remote terminals for regular use, it is vital to have shortcuts that allow for quick login. SSH2 is the recommended way.
On Windows, there is the fantastic SSH2 tool SecureCRT. Or if you're cash crunched, a combination of Putty and Putty Connection Manager works for many.
On Mac OSX and Unix/Linux systems, one doesn't truly need an SSH client at all, because the "Terminal" application is inbuilt. People talk of iTerm and such, but I have still to see a value add for such tools.
But one does miss the convenience of SecureCRT on OSX, because I have still to find a true SecureCRT alternative for the Mac platform. Something that allows me to make pre-determined connections so I can just click on them to connect (which tools like JellyfiSSH do) and then logs me in directly without prompting for a password (which JellyfiSHH does not do).
So I have simply made aliases in my [code].profile[/code] file, which gets executed everytime you start your Terminal window (so it's a good place to put your shortcuts and any code you wish to execute when the terminal starts, such as paths).
- Start the Terminal.
- Open the profile file for the current user (you).
- Enter a new line for our shortcut.
pico .profile
alias s='ssh -2 -p 22 user@host.com'
Quick explanation for that command in step 3. The letter "s" is the shortcut I make for connecting to the sniptools.com server. Change it to what you wish. This will mean that when I start Terminal, all I need to do is type "s" and it connects me via SSH to the sniptools.com server. The "-p" switch is an important one because some of us with paranoid security settings might have a different port number than the default port 22 for secure SSH. The rest user/host stuff is self-explanatory. The "-2" is to force SSH2 connections instead of older vanilla SSH.
Now. Save the profile file and source it to try it out:
source .profileSourcing is only for this one time, for your current Terminal window, which had already executed the profile file *before* we added this alias. When you start a new Terminal session, these aliases et al will be automatically set for you.
Done. Now your profile has the alias for "s". From now when you type "s" in your Terminal, it will connect, but it will ask you for a password. To get rid of the nagging password, we need to create public authentication key for the domain. This, in fact is what SecureCRT does behind the scenes on Windows too.
Here are the steps to accomplish this. Run these one-time commands in order from the Terminal window.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | # generate pub and priv keys, leave the passphrase empty # (simply press ENTER when asked for it) ssh-keygen #copy the pub key to the remote computer #(change port number if different from the usual 22) #change "user" to your user name #change "host" to your domain name scp -P 22 ~/.ssh/id_rsa.pub user@host:~/ #log on to the remote computer ssh -p 22 user@host #create the .ssh directory in the root login directory, if it doesn't already exist mkdir .ssh #append key to file cat id_rsa.pub >> ~/.ssh/authorized_keys #delete the public key file, no longer needed rm -f id_rsa.pub #log off the remote server exit #logon to the remote server, without password prompt ssh -2 -p 22 user@host |
That's it. This is a huge timesaver. Now all I need to do to login to the sniptools.com server is type one letter, "s" in the Terminal, and I'm on! Follow these instructions for each host you connect to on a regular basis and you'll love the convenience henceforth.
[…] Credit:Save SSH password for use in “Terminal†(OSX or *Nix) derek-punsalan, domain-industry, explore-recent, favorites, linux, monthly-archives, office, securecrt, september-2002, september-2003, september-2004, sniptools, terminal, the-unstandard, tools, tutorials, windows […]
Thanks so much for this. Very, very handy. They should include this simple but very useful functionality as a 'Preference' setting right into Terminal. Btw, SecureCRT rocks on Windows!
This is a great article. Can you add to it how to create a second key on the local machine. Like should I name it id_rsa2? When I enter ssh-keygen:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/…/.ssh/id_rsa):
/Users/…/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/…/.ssh/id_rsa.
Your public key has been saved in /Users/…/.ssh/id_rsa.pub.
The key fingerprint is:
f3:69:d1…:7e:39:83 j…@…-macbook-pro.local
I know I shouldn't overwrite the old one cause that breaks my old connection. So what do I need to name the next id_rsa or does it even matter, as long as it's in the .ssh directory?
Thanks,
J
Hi "J".
The file name doesn't matter. On the server, we're using the ">>" directive to add to the .ssh known passwords, so it should work.
On your own machine, the name can be anything, as long as you know that that's the file you're copying to the server.
ha amazing! thank you!
ha amazing! thank you!
Wow, great! Simple, easy to follow, and right to the point. Perfect, thank you!
The public key you use on your local machine is supposed to be uploaded to every remote server you wish to connect to, you do not need to generate more than one public key on your local machine. You can keep using the same one and upload them to multiple servers.
WOW! This is exactly what I was looking for… I knew I could add a key pair to stop having to enter my password, but the alias in the Terminal is immensely helpful! No more typing in IP addresses when I tunnel into my server!
Thanks for this article!
Great writeup. I noticed that I also have to issue the following command for things to work:
chmod 700 ~/.ssh; chmod 600 ~/ssh/authorized_keys
Thank you!
As web developer, this becomes very handy if you deploy your projects via rsync (over ssh). Once done, it saves a lot of time. Worked great.
great tip. very handy .. you just increased my productivity.
Thank you!!!! That's what I was looking for
ssh-copy-id –i user@server
that is a lot quicker for copying the key to the server.
Absolutely awesome guide! Really a great timesaver here. Thanks a billion!
still asking for the password for me
I followed everything. Could the security on my server not allow login via authorized keys?
Thanks Shanx.
Everything works without a hitch except for one thing.
The aliases are not being remembered. Every time I close the terminal window it forgets them, and I get this error:
–bash: s: command not found
However, when I type "source .profile" again it remembers. That means for each new window I open have to source the profile again. Can you please tell me what I'm doing wrong?
I figured out a workaround. In the Terminal preferences, I edited the Shell settings so that on Startup it runs the command "source .profile".
You rock good sir! Well written, easy-to-follow tutorial, consider this bookmarked for future reference!