How to avoid typing ssh-add everytime

ssh password ssh-agent

24,796

Solution 1

I have installed keychain.

sudo apt-get install keychain

If you're running bash you need to add a few commands to your .bash_profile If you do not have a .bash_profile create one in your home folder. Add these lines:

### START-Keychain ###
# Let  re-use ssh-agent and/or gpg-agent between logins
/usr/bin/keychain $HOME/.ssh/id_dsa
source $HOME/.keychain/$HOSTNAME-sh
### End-Keychain ###

At the start of a work day I will login. When I open a terminal, I will be prompted once for my passphrase. For all other new terminals and connections I will not be asked for my passphrase again.

Solution 2

What you are looking for is less secure , but it can be accomplished using public key authentication without the need for ssh-agent. A more secure option is to use public key authentication with a passphrase while turning off password authentication on the ssh server, but this isn't what you asked for. See the link at the bottom of this answer for instructions if you decide to do this instead.

To use ssh without being asked for any passphrase, you need to generate your keypair while leaving the passphrase field blank.

To check if you have already generated a keypair, check for the files id_rsa and id_rsa.pub in your ~/.ssh directory. If they are already there, you can delete them or move them to create a new keypair.

Note, if you delete them you will lose access to any ssh servers you are using then old keys to authenticate to if password authentication is turned off on the server.

To create a new keypair, run the following command:

ssh-keygen -t rsa

Accept the default location for the keys and leave the passphrase blank.

To give your public key to the ssh server you want to connect to, use the following command:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotehost

After completing these steps, you will be able to log in to the remote server without a password from the computer you are using.

Reference: http://tombuntu.com/index.php/2008/02/20/public-key-authentication-for-ssh-made-easy/

24,796

ssgao

Updated on September 18, 2022

Comments

ssgao over 1 year
I read and followed some online documentation on how to set up a ssh-agent so that I don't need to type in password every time I ssh to a remote machine.

However, with the help of ssh-agent, I still need to do ssh-add every time I restart the shell. The ssh-add then asks me to enter the passphrase to unlock the private key.
```
Enter passphrase for key '/home/xx/.ssh/id_rsa':
```
Instead of typing in my password for the remote machine, I am asked to type in the password for the private key. It's like stepping out of a purgatory and found myself in a hell afterwards. It looks like the id_rsa is only temporarily added to the ssh-agent in a session, because every time I log in and type ssh-add -l. I get:
```
The agent has no identities.
```
May I ask how permanently store the key (id_rsa) in ssh-agent? Thanks

EDIT: this is what I did with ssh-agent. I appended the following block into ~/.bash_profile
```
SSHAGENT=/usr/bin/ssh-agent                                                                                        
SSHAGENTARGS="-s"
if [ -z "$SSH_AUTH_SOCK" -a -x "SSHAGENT" ]; then
  eval `$SSHAGENT $SSHAGENTARGS`
  trap "kill $SSH_AGENT_PID" 0
fi
```
- Admin over 10 years
  
  Do you mean that you have to type your passphrase each time you log in, or each time you open a shell window? You say you've followed some online documentation, but ssh-agent works out of the box on Ubuntu, so you shouldn't have had anything to do. What did you do exactly?
- Admin over 10 years
  
  I have to type in passphrase every time I ssh into the remote machine. BUT it is not the passphrase to access the remote machine, it is the passphrase to unlock my private key (id_rsa).
- Admin over 10 years
  
  I know that it's your key's passphrase. What I'm asking is what you did to set up ssh-agent, and whether running ssh-add has an effect that lasts longer than the shell window that you typed it in.
- Admin over 10 years
  
  The effect lasts until I log out of the system (local). I put what I did with ssh-agent in the post.
- Admin over 10 years
  
  This sounds like normal behavior: you need to type your passphrase once per session to unlock the key. If the unlocked key was stored somewhere, this would defeat the purpose of having a passphrase on the key — anyone obtaining the stored unlocked key could use it. Were you expecting something else? Do you want the key to be stored in memory after you log out so that it's available until the next reboot?
ssgao over 10 years

how is this different from typing ssh-add in the terminal?
abhishek almost 8 years

ya but then u will have to type ssh-add everytime... doing this will cut out your 2 steps --> eval "$(ssh-agent)" and ssh-add
Byte Commander about 6 years

Could you please expand your answer with more detail on how to do that and why it would solve the problem in question? Thanks.