Automate SSH logins with RSA/DSA keys

Automated Shell LoginOften when you are administrating remote Linux servers, you tend to login to the servers via your favorite shell. And every time when you login you are prompted for a user name + password to authenticate your session. This gets a bit tedious if you have many passwords to remember for different logins. This is were ssh keys can be used to save you from typing your credentials for every ssh login you execute. Once you have setup your SSH key, you are just one step away from making your life a whole lot easier.

I have put together a shell script which saves me the trouble of remembering various combinations of user names + passwords. It looks something like this: cat ~/.ssh/id_dsa.pub | ssh jeffery@example.com "(mkdir .ssh&>/dev/null; chmod 700 .ssh && cat - >> .ssh/authorized_keys ) && chmod 600 .ssh/authorized_keys"

Cat Piped Over Ssh explained

Lets take it step by step and go through what the above command actually does. This is the order of what happens when the above command is executed:

  1. Concatenate the contents (cat ~/.ssh/id_dsa.pub ) of my DSA public key
  2. Pipe the contents ( | ) to the ssh command ssh jeffery@example.com
  3. I am then executing four commands to the remote host via SSH
    1. The first command mkdir .ssh&>/dev/null is making sure the remote folder .ssh exists by creating it. And if the directory already exists, it will give an error message, but that error message is discarded to /dev/null. There could be a situation when this folder may not exist on the remote machine, hence we are making sure it exists.
    2. Next we make sure the .ssh folder is writable with the command chmod 700 .ssh.
    3. The double-ampersand (&&) which follows these two commands has a special meaning. It states if the previous command executed is not successful, do not execute any more commands in that statement. The only time this would fail would be if there is a folder called .ssh and it is not owned/writable by the user who is supposed to own it. In my case that would be the user “jeffery”.
    4. The next command we see is cat – >> .ssh/authorized_keys. If you remember in Step 1, the cat command which piped the contents of my DSA public key has now produced a Standard Input. This cat command is now taking that input and appending it to the .ssh/authorized_keys file. If the file didn’t exist, it should automatically have created that file and appended my DSA public key into it.
    5. Finally we make sure that the authorized_keys file in secure from other users by changing the permissions chmod 600 .ssh/authorized_keys.
  4. After this command is executed, the shell would prompt you to enter the accounts password.
    1. If this is the first time you are accessing the remote host, you will be prompted to verify the “authenticity” of the host. Type “yes” and hit Enter key.
    2. Provide the login password to complete the setup for Automated Login.

Shell Script

Finally to make things a bit more easier, here is the shell script which you can use by providing the user@domain as the parameter to setup your Automated logins.
#!/bin/bash
user_domain=$1
echo "Automating Login for $user_domain"
# Auto SSH
cat ~/.ssh/id_dsa.pub | ssh $user_domain "(mkdir .ssh&>/dev/null; chmod 700 .ssh && cat - >> .ssh/authorized_keys ) && chmod 600 .ssh/authorized_keys"

Copy the Above into a file called auto_ssh.sh, make it executable and run it. Change the user name and remote host to reflect your details. ./auto_ssh.sh jeffery@example.com

Resources

This entry was posted in BASh, Linux. Bookmark the permalink.

2 Responses to Automate SSH logins with RSA/DSA keys

  1. qdii says:

    Why do you create a subshell? is it necessary?

  2. Jeffery says:

    I am not sure why I wrote it in a sub-shell syntax. Have you tried it without?

    I also discovered that most common distros now have a command called “ssh-copy-id” to do what I have explained in this post.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>