braggtown: north durham

SSH Key Authentication

Howto: RSA Key-Based Authentication for SSH


Background

SSH key-based authentication simplifies connection to remote machines. It relieves users from the repetition of entering the same password over and over. Using keychain, one can enter their RSA password once per session and then remote to all configured machines any number of times. It's super handy when you have multiple machines. These instructions worked on my mixed network of 12 machines running Ubuntu 6.04, Ubuntu 6.10, and Solaris 9. However, I configured the Solaris servers only to accept connections. I have no experience compiling keychain on Solaris.

Configure SSH

Generate a keypair with a strong password
ssh-keygen -t dsa

Copy new public key to remote server
scp ~/.ssh/id_dsa.pub remoteserver:~/.ssh/.

SSH to remote server and configure access
ssh remoteserver
cd .ssh
touch authorized_keys
chmod 600 authorized_keys
cat id_dsa.pub >> authorized_keys
rm id_dsa.pub


Edit /etc/ssh/sshd_config
sudo gedit /etc/ssh/sshd_config
Uncomment the following line: AuthorizedKeysFile %h/.ssh/authorized_keys
Also, confirm that RSAAuthentication is set to yes.

Return to the localhost
exit
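The "touch / chmod 600 / cat >> authorized_keys" step above, as an added shell example that is not part of the original howto: it makes the append idempotent (repeating the scp-and-cat steps would otherwise stack duplicate key lines) and adds the permission check that sshd's default StrictModes enforces, which is the usual reason key auth silently falls back to a password prompt. The function names install_pubkey, check_ssh_perms and count_keys, the constructed key line and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Names and the key line are
# constructed; stat -c is GNU stat (Linux), as on the Ubuntu hosts described.
set -eu

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the single key line in PUBKEY_FILE to SSH_DIR/authorized_keys,
# creating the directory and file with the modes sshd expects.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$ssh_dir/authorized_keys"
    chmod 600 "$ssh_dir/authorized_keys"
    # Only append if this exact line is not already present (whole-line,
    # fixed-string match), so re-running the step never duplicates a key.
    if ! grep -qxF "$(cat "$pubkey_file")" "$ssh_dir/authorized_keys"; then
        cat "$pubkey_file" >> "$ssh_dir/authorized_keys"
    fi
}

# check_ssh_perms SSH_DIR
# Prints the modes and returns 0 only if neither the directory nor the
# file is group/world-writable (700 and 600), which StrictModes requires.
check_ssh_perms() {
    ssh_dir=$1
    dir_mode=$(stat -c '%a' "$ssh_dir")
    file_mode=$(stat -c '%a' "$ssh_dir/authorized_keys")
    echo "dir=$dir_mode authorized_keys=$file_mode"
    [ "$dir_mode" = 700 ] && [ "$file_mode" = 600 ]
}

# count_keys SSH_DIR -> number of lines in authorized_keys
count_keys() {
    wc -l < "$1/authorized_keys" | tr -d ' '
}

# Demo in a throwaway directory with a constructed (not real) DSA key line.
demo_dir=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBEXAMPLEKEYDATA user@localhost\n' > "$demo_dir/id_dsa.pub"
install_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"   # second run: no duplicate
check_ssh_perms "$demo_dir/.ssh"
echo "keys=$(count_keys "$demo_dir/.ssh")"               # prints keys=1
rm -rf "$demo_dir"
```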

Install and Configure Keychain

Install and use keychain to save your password for entire sessions. This frees you from the need to constantly enter your password.
sudo apt-get install keychain
Tell keychain to recognize and save your password. There are multiple methods for this. The first method asks for your password for each terminal you open.
echo keychain --clear ~/.ssh/id_dsa >> ~/.bashrc
The second method asks for your password upon logging in and uses it for each terminal you open. With this one you only have to enter your password once. To do this, go to System>Preferences>Sessions, choose Startup Programs, choose Add, and enter the following, but fill in your user name:
keychain --clear /home/youruser/.ssh/id_dsa
Configure keychain to start when you log in. Dapper differs from Eft, though.
Dapper Drake:
echo source ~/.keychain/$HOSTNAME-sh >> ~/.bashrc
Edgy Eft, Feisty Fawn, and Gutsy Gibbon:
echo . ~/.keychain/$HOSTNAME-sh >> ~/.bashrc

NB: Collision with gpg-agent in Gutsy Gibbon:
There is a problem with Enigmail's use of gpg-agent while using keychain to manage SSH keys. I believe I solved this by installing pinentry-gtk2 and editing my gpg.conf file.
sudo apt-get install pinentry-gtk2
gedit .gnupg/gpg.conf &
Comment out the line that begins "gpg-agent-info" and restart. Try it out.