Ssh-agent
ssh-agent acts as a key repository for ssh, enabling ssh to use these keys for authentication without asking for a password.
Note that using ssh-agent is only safe on systems where root is trusted. This applies to authentication forwarding as well.
To use it, you will first have to use ssh-keygen to generate at least one keypair. Remember to use a passphrase, as keys without passphrases are very vulnerable. A very short example of how to do this:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/esben/.ssh/id_dsa):(press return)
Enter passphrase (empty for no passphrase):(enter passphrase)
Enter same passphrase again:(repeat passphrase)
Your identification has been saved in /home/esben/.ssh/id_dsa.
Your public key has been saved in /home/esben/.ssh/id_dsa.pub.
The key fingerprint is:
50:14:dc:aa:da:de:aa:d3:d7:84:ab:cc:e6:43:b0:42 esxxn@skxxxxxn.dk
Remember to use a passphrase. Next you must append the newly generated public key to the remote user's ~/.ssh/authorized_keys2 on the remote host. For example:
$ cd
$ scp .ssh/id_dsa.pub remote_user@remote_host:
$ ssh remote_user@remote_host
$ cat id_dsa.pub >> .ssh/authorized_keys2
$ rm id_dsa.pub
$ exit
You should now be able to log in to remote_user@remote_host using the passphrase you just entered above instead of your password. Try it:
$ ssh remote_user@remote_host
(enter passphrase)
Now you can use ssh-agent. Just running ssh-agent will cause it to spew out some shell commands meant to be executed. To actually make it do anything, you need to use something like
$ eval `ssh-agent`
Note the backticks. You can now load your key into ssh-agent's repository:
$ ssh-add
(enter passphrase)
You should now be able to ssh to the remote server without entering a password.
It is entirely possible to set up a login script that uses ssh-agent directly. However, it is simpler to use keychain [1]. With keychain installed, all you need to do is add something like this to your ~/.profile or ~/.bashrc:
$ keychain -q --nolock
$ source ~/.keychain/`uname -n`-sh >/dev/null
With this setup you will only need to use ssh-add once per reboot. You can then ssh password-less to any host where you have installed your id, in a safe and secure manner.
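A login script that uses ssh-agent directly, as mentioned above, could look like the following. This is an added example, not part of the original page and not keychain's code; the AGENT_ENV path and the function names agent_state and ensure_agent are assumptions.

```sh
# Added example: share one ssh-agent between login shells (for ~/.profile).
# AGENT_ENV is an assumed location, not a path ssh-agent itself defines.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Classify the agent named by SSH_AUTH_SOCK from ssh-add's exit status:
# 0 = reachable with keys, 1 = reachable but empty, 2 = cannot be contacted.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo dead ;;
    esac
}

ensure_agent() {
    # 1. An agent already named in this environment that answers: keep it.
    if [ "$(agent_state)" != dead ]; then return 0; fi

    # 2. Otherwise try the agent recorded by an earlier login.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
        if [ "$(agent_state)" != dead ]; then return 0; fi
    fi

    # 3. Stale or missing record: start a new agent. The record is sourced
    #    as shell code and names the socket that grants use of the loaded
    #    keys, so it is recreated readable and writable by this user only.
    (umask 077; rm -f "$AGENT_ENV"; ssh-agent -s >"$AGENT_ENV") || return 1
    . "$AGENT_ENV" >/dev/null
    [ "$(agent_state)" != dead ]
}
```

Call ensure_agent from ~/.profile; ssh-add is still needed once per agent to load the key, after which agent_state reports "loaded".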