SSH is how I’ll be accessing all of my devices and VMs for remote usage. However, each time you want to SSH into a server you have to manually type out ssh user@IP and then provide the password. Which can get tedious, especially if any one of those things is particularly long.
SSH-Keygen #
Create a new SSH keypair with:
ssh-keygen -t ed25519 -C "<comment>"
When it prompts:
Enter file in which to save the key (~/.ssh/id_ed25519):
Give it a name, and remember it, this will be important later. When it prompts for a password enter in whatever password you generally use for your SSH keys. You can see the keypair it just created with ls ~/.ssh.
SSH-Copy-Id #
Now that the keypair is created, we will take our key and add it to the remote server’s authorized keys.
ssh-copy-id -i ~/.ssh/<private key> user@IP
SSH-Agent #
The ssh-agent is a helper program that keeps track of users’ identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO).
— SSH Academy
This is the background process that holds your decrypted keys so that future SSH connections can be made automatically, eliminating the need to re-enter your password or passphrase each time.
Many desktop environments (DEs) and OSes take care of this already. You can see if an ssh-agent process is running with:
ps aux | grep ssh-agent
If there are none you can start one with:
eval $(ssh-agent)
SSH-Add #
Add your private key to ssh-agent with:
ssh-add ~/.ssh/<private key>
SSH Config #
You can create a config file which saves certain ssh configurations.
Create the config file:
touch ~/.ssh/config
Edit the file and add the following contents:
Host <what you want your shortcut to be called>
HostName <server IP>
User <user on server>
IdentityFile ~/.ssh/<private key>
I made the Host “main” so I can just run ssh main. Now the SSH agent will only ask for my key passphrase once at the start of each agent session, instead of every SSH command. You can also configure it to unlock automatically at login if you prefer, but I like having at least one password confirmation per session.