You can connect to the servers using the SSH protocol without the need to insert the password every time you connect. The trick is to generate a encripted key that can be used by the systems to recognize yourself and allow your access to local resources. This behaviour can be used when you are using the Servers from the Epfl Network, but also when you connect to the server from outside the Epfl.
Note that this doc applies only to Unix (Mac/Linux). There are similar things on window but they might not work exactly as described here.
$ ssh-keygen -t dsa
~/.ssh/authorized_keyson the machines where you want to be able to ssh into (e.g. if you are generating the key pair on your laptop, you might want to add the public key on the cluster lth.epfl.ch):
$ cat ~/.ssh/id_dsa.pub | ssh USERNAME@lth.epfl.ch 'cat - >> ~/.ssh/authorized_keys'
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
From now, every time you connet to a server, the server will recognize your workstation automatically (it read the ~/.ssh/authorized_keys file everytime you connect) and you can login without bothering with the password…. well almost! Curious? Continue reading.
In fact, since your private key is encrypted, you need to type the password to decrypt it each time you want to use it. Seems like we have just replaced the “enter remote machine password” with “enter local key encryption password”.
Ssh-agent is a program that keeps in memory your decrypted private ssh key and serves it to ssh when it is needed. In this way you only have to type the decryption password only once. Keeping the decrypted key (or the password) in memory is considered safer than letting the key file un-encrypted.
All modern desktop environment (os X, Gnome, KDE), do take care automatically the ssh key decryption business and you don't have to do anything. Yahoo!
If you are not on a full desktop environment (e.g. if you ssh to a machine from where you want to connect to [several] another machines), then you have to setup the ssh-agent business by hand.
The two (actually three) steps are
ssh-agentand setup the environment variables accordingly:
$ eval `ssh-agent -s`
ssh-agentto manage your
id_dsakey (eventually with a lifetime
$ ssh-add [-t time_in_seconds] ~/.ssh/id_dsa
$ ssh-agent -k
Since this is quite cumbersome, I suggest to add the following to your
# only for interactive shell if [ "$PS1" ]; then # run ssh agent if not already running SSHAGENT=/usr/bin/ssh-agent if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then eval `$SSHAGENT -s` alias ssh='ssh-add; unalias ssh; ssh' trap "$SSHAGENT -k" 0 fi fi
This will start
ssh-agent and add
ssh-add only the first time you try to use
ssh. This way you will have to type the password only if you really need to