, , ,

Normally when using ssh you need to type a long command into the command line, then type your remote user’s password.

This post is about how to set it up so that you don’t need to do all of this. First we’ll set up an ssh keypair, then we’ll set up the server to accept this key. We’ll then create an alias to quickly log in to the server.

Before doing the steps below, make sure you are logged in to the local machine with the user that you want to be able to access the remote machine. It is also helpful if the local machine has a sensible hostname set.

Setting up ssh client
I would use openssh. First you need to install openssh-client. This can be done using your distribution’s package manager. If you install openssh-server as well other computers can ssh into it. Personally I install both just in case I need to ssh in either direction. Sometimes the package is just openssh and installs both anyway.

Setting up an ssh keypair
First you need to generate the keypair. The command you need is:

ssh-keygen -t dsa

This will then ask you for a password. Leave the prompt blank for no password. Leave the file as the default. This is less secure than setting a password. The dsa specifies the encryption algorithm the key uses.

If you did set a password it would protect the secret part of the key but you will need to enter the ssh key’s password every time you try to ssh into something. This doesn’t solve the original problem. There is a way to set the password and use a wallet to manage it (gpg-agent or ssh-agent), however I will deal with this in a future post.

Making the server accept your ssh key
You need to send the public half of the keypair to the server. The server will then add it to its “allowed keys” configuration file for your user. The command to send it to the server is:

ssh-copy-id user@remote-host

You will be required to enter the password for user on remote-host because it has to confirm that you own that user account.

It will tell you to sign in to the server and check that it only added the keys you requested. This is a good idea to do anyway at various times just in case security has been breached. The file to check is:


Adding an alias
If you want to make it even easier, you can add an alias in your .bashrc file. The line you want to use is:

alias remotehost-ssh='ssh -X user@remotehost'

The “-X” is to allow X11 forwarding, this is only necessary if you want to run graphical programs on the remote server.