Home / ubuntu / Questions / 20863
Accepted
theTuxRacer
Asked: 2011-01-10 21:33:08 +0800 CST

How do I permanently add an identity for SSH?

  • 772

I need to run ssh-add <key> everytime I need to ssh into a webserver. Is there a way to add the ID permanently, so I dont have to keep adding the identities on each login?

EDIT: The key is a pem file, that I have downloaded from a cloud service.

ssh

8 Answers

  1. Best Answer

    Generate your key like normal: ssh-keygen, then place that key to the remote server with ssh-copy-id, which will sync it to the remote server's accepted keys.

    ssh-keygen
ssh-copy-id user@host

    It will prompt for your password then perform all the steps necessary to link your .pub key with the remote SSH server.

    By default it will copy all your .pub keys to the remote server. If you just created your key with ssh-keygen then this isn't a problem (because you only have one!). However, if you have multiple keys you can copy just a specific key with the -i flag.

    ssh-copy-id -i ~.ssh/key_name.pub user@host

    Replacing key_name.pub with the name of the key.

    • 44

  2. put this in your ~/.bashrc

    eval $(ssh-agent)
ssh-add ~/.ssh/where_ever_privake_key_is
    • 17

  3. You can generate a ssh key with the command:

    ssh-keygen

    Then you can copy your key to the server with:

    ssh serveruser@servername "echo `cat ~/.ssh/id_dsa.pub` >> ~/.ssh/authorized_keys"

    Now you can automatically log in your webserver

    • 7

  4. If your key is password-less and named as one of the files ssh will try to look for when identifying (~/.ssh/id_dsa or ~/.ssh/id_rsa), you shouldn't have to add it to your agent.

    BUT. If there's the slightest possibility of those files being stolen, you would have just allowed anyone to access the servers on which you are using this identity. In short, pwned.

    IMHO, password-less private keys are a bad practice, and should be used only on environments where ~/.ssh/authorized_keys is very restrictive.

    • 3

  5. Write a short shell script which will run ssh-add and then connect such as the following:

    ssh-add ~/.ssh/your-key
ssh user@remotehost

    You can then ssh into your host with one command.

    • 1

  6. For AWS, download the pem key, and run:

    ssh-add /path/to/pemfile.pem

    That worked for me, ubuntu 18.04. Source, Nothing else was needed.

    NB: However, it is important to set the permissions to 400 before doing this.

    chmod 400 /path/to/pemfile.pem

    If not you will get an error:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @
    WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0664 for '/home/toing_toing/blablabla.pem' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored.

    • 1 
  7.  ssh serveruser@servername "cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys"
    • 0

  8. Are you talking about Amazon Cloud? In your ~/.bashrc, create environment variables:

    # Amazon
export EC2_PRIVATE_KEY=$HOME/Keys/pk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.pem
export EC2_CERT=$HOME/Keys/cert-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.pem
export JAVA_HOME=/usr/lib/jvm/java-6-openjdk/
    • -3