inside Alan's cluttered head
Plant my key
Here’s a neat little script that I developed at “the oven place”. It “plants” my SSH key on a remote machine, so I can get in later without entering a password.
#!/bin/sh
user_at_machine=$1
# plant my SSH key on the target machine
cat $HOME/.ssh/id_rsa.pub | \
ssh $user_at_machine \
"if [ ! -d .ssh ] ; then mkdir -m 700 .ssh ; fi ; \
cat >> .ssh/authorized_keys"
All of the action takes place in one single line (which I broke up here so it would wrap OK). It takes your public key from the machine you’re on, and it pipes it into an SSH session, which you’ll have to type your password into. On the remote machine, it creates a .ssh directory if it needs to, and then it appends your public key to an authorized_keys file.
The next time you log in to that remote machine, you will not need to enter your password.
4 comments
Leave a Reply
You must be logged in to post a comment.
SSH actually ships with a utility to do this called “ssh-copy-id”
Do you password protect your ssh keys? Or do you just always keep them on a USB drive or something?
Also, I generally use the dsa keys instead of the rsa keys. Any reason I should use one or the other?
I do usually encrypt keys that I use day-to-day, especially the keys on my PC at work, which might be accessed by anyone. The command to do that is “ssh-keygen -p [keyfile]”. P stands for “passphrase”. For the most part, having the passphrase does not slow me down, because my X-windows session has a key agent running all of the time, so I only need to enter the passphrase the first time I use the key, and that lasts for the whole day or until I log out.
I do leave some keys unencrypted, like the ones for automatically backing up stuff via ssh/rsync. These are meant to run non-interactively, and passphrases would cause backups to stop working.
I don’t think there’s any reason to prefer rsa over dsa or visa-versa, but I have not really looked into it.
The ‘ssh-keygen’ man page says this about key lengths:
“For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.”
So it looks like RSA keys can be longer than DSA keys.