How to easily set up key-based SSH authentication

Published on 15 February, 2012

You want to set up key-based authentication so you can ssh into a server without entering that pesky password over and over again?

If you have to do this often, then use this wonderful one-liner to install the public key of your system on a remote server[1]:

cat ~/.ssh/id_?sa.pub | ssh <host> 'mkdir -p .ssh; cat >> ~/.ssh/authorized_keys'

Easy, right[2]? Replace <host> with your host, or possibly even user@host. To be able to use just <host>, you’ll want to configure SSH host aliases, e.g.:

Host seedbox2
    HostName norris.com
    User chuck
    Port 55555
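
The one-liner above, written out as an added example (not code from the original post) that names the public key explicitly, creates ~/.ssh and authorized_keys with the 700/600 modes that sshd's StrictModes check expects, and skips keys that are already installed. The names REMOTE_SCRIPT, push_key and dry_run are hypothetical; it assumes the server's login shell is POSIX-compatible and that sshd reads the default ~/.ssh/authorized_keys.

```sh
#!/bin/sh
# Added example, not the post's code. Assumes a POSIX-compatible login shell
# on the server and the default authorized_keys location.

# Script executed on the server; the public key arrives on stdin.
REMOTE_SCRIPT='
umask 077
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || exit 1
auth="$HOME/.ssh/authorized_keys"
touch "$auth" && chmod 600 "$auth" || exit 1
# Terminate an unfinished last line so the new key is not glued onto it.
if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then printf "\n" >> "$auth"; fi
while IFS= read -r key || [ -n "$key" ]; do
    [ -n "$key" ] || continue
    # -x whole line, -F literal: append only keys that are not already present.
    grep -qxF -- "$key" "$auth" || printf "%s\n" "$key" >> "$auth"
done
'

# push_key <pubkey-file> <host>: name the key explicitly instead of globbing.
push_key() {
    [ -r "$1" ] || { echo "cannot read public key: $1" >&2; return 1; }
    ssh "$2" "$REMOTE_SCRIPT" < "$1"
}

# dry_run <pubkey-file> <scratch-dir>: same script against a local scratch HOME,
# no network involved, to inspect the result before touching a server.
dry_run() {
    HOME="$2" sh -c "$REMOTE_SCRIPT" < "$1"
}
```

Typical use is `push_key ~/.ssh/id_rsa.pub seedbox2`, with seedbox2 being a host alias like the one configured above.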

  1. I use this to add seedboxes to driverpacks.net’s hosting infrastructure — the Seedbox hosting companies switch machines quite frequently, which means I have to change the rsync scripts to point to the new hosts. ↩

  2. Notice the question mark in id_?sa.pub? That way, it’ll pick up your public key for sure, no matter whether it’s id_rsa.pub or id_dsa.pub. ↩

Philip

12 years 11 months ago

I prefer to use Kerberos…

If you’re going to use keys, take a look at Debian’s ssh-copy-id script. It’s a neat little wrapper around what you’re doing manually.

You can run slave KDCs…

And:

[1543] (philip@luggage)~% uname -a
Darwin luggage.paeps.cx 11.3.0 Darwin Kernel Version 11.3.0: Thu Jan 12 18:47:41 PST 2012; root:xnu-1699.24.23~1/RELEASE_X86_64 x86_64
[1544] (philip@luggage)~% which ssh-copy-id
/Users/philip/bin/ssh-copy-id

I’ve had Debian’s script in my $HOME/bin (which I use on many different Unixes) for ages. Works quite well!

wouter verhelst

12 years 11 months ago

You miss id_ecdsa (and yes, that exists, though you need a fairly recent SSH to get it)

Hi, you’re making some assumptions which may not hold true and can cause breakage:

  • ~/.ssh/id_?sa.pub might not match the desired pubkey (mine won’t match)
  • StrictModes can be enabled (will complain over directory permissions), in fact my manpage says this is default.
  • authorized key file might not be ~/.ssh/authorized_keys (rarely, though)

The ssh-copy-id Philip mentioned comes with the upstream openssh releases and should be available in sane distribution packages (it’s also on Arch FWIW), if it’s not on OSX, then blame/fix the OSX package/release you’re using :) instead of having your peers maintaining their own alias/script to do this task IMHO

Well…

  • I’ve never seen it somewhere else than ~/.ssh/id?sa.pub
  • I have no idea about your second point.
  • I’ve never seen that either.

I don’t force anybody to maintain a script. I provide this handy one-liner that has saved me quite a bit of frustration already so far. Plus, you’d force me to maintain an OS X fork of ssh-copy-id. That’s hardly better.

I just figured I’d share this handy one-liner with the world, but I guess that was a mistake… ;(

Jeffrey

12 years 10 months ago

Don’t let these comments discourage you. It’s hard for *nix people to understand what it’s like to use OSX and *nix simultaneously. If you try to keep your environments exactly the same you’d go mad.

Maitreya

12 years 7 months ago

Nice shortcut. Thank you! And those wanting it to do extras: you are free to add to this one-liner…