lines 2-223 of file: ssh_key.xrst

{xrst_begin ssh_key}
{xrst_spell
   bashrc
   cd
   chmod
   cygwin
   dev
   dsa
   ef
   fi fi
   grep
   keygen
   lf
   passphrase
   pid
   rsa
   scp
   sed
   usr
}

Using ssh With Out Passwords
############################

Notation
********

.. list-table::

   * - **Variable**
     - **Description**
   * - *machine_local*
     - Name of the machine where you will initiate ``ssh`` commands from.
   * - *password_local*
     - Your ``ssh`` password on *machine_local* .
   * - *comment*
     - A very short comment used to identify the ``ssh`` key pair
       used on *machine_local* .
   * - *type*
     - The type of key pair that *machine_local* will use.
       This should be either ``rsa`` or ``dsa`` .
   * - *pid*
     - The process id corresponding to the ``ssh-agent``
       running on *machine_local* .
   * - *machine_remote*
     - Name of the remote machine where ``ssh`` commands will be executed.
   * - *usr_remote*
     - Your user name on *machine_remote* .
   * - *password_remote*
     - Your login password on *machine_remote* .

Step 1: Create Key Pair
***********************
On *machine_local*  execute the commands

| |tab| ``cd``
| |tab| ``ssh-keygen -t`` *type* ``-C`` *comment*

In response to the prompt

   ``Enter file in which to save the key`` (... . ``ssh/id_`` *type* ):

hit return (to choose . ``ssh/id_`` *type* for you private key file).
In response to the prompt
::

   Enter passphrase (empty for no passphrase):

enter *password_local* .
In response to the prompt
::

   Enter same passphrase again:

enter *password_local* .

Step 2: Setup ssh-agent
***********************
The following ``bash`` script is a modification
of a
`post <http://www.cygwin.com/ml/cygwin/2001-06/msg00537.html>`_
on a cygwin mailing list:
{xrst_comment the $ character is used for the dollar sign}
::

   #
   # file where start_ssh_agent store environment variable values
   SSH_ENV=${HOME}/.ssh/environment
   #
   # start a new ssh-agent
   function start_ssh_agent {
   ssh-agent | sed > ${SSH_ENV} \
   -e 's/^echo /# &/'
   chmod 600 ${SSH_ENV}
   . ${SSH_ENV} > /dev/null
   echo "New ssh-agent pid = ${SSH_AGENT_PID}."
   }
   # check if environment variable is set
   if [ "${SSH_AGENT_PID}" == "" ]
   then
   # check if file with environment variables exists
   if [ -f "${SSH_ENV}" ]
   then
   . ${SSH_ENV} > /dev/null
   else
   start_ssh_agent;
   fi
   fi
   # make sure environment variable matches process id
   if ! ps -ef | grep ${SSH_AGENT_PID} | grep 'ssh-agent' > /dev/null
   then
   start_ssh_agent;
   fi
   #
   # get the fingerprint for the private key in .ssh
   if [ -e .ssh/id_dsa ]
   then
   id=`ssh-keygen -lf .ssh/id_dsa | sed -e 's/[^ ]* \([^ ]*\).*/\1/'`
   fi
   if [ -e .ssh/id_rsa ]
   then
   id=`ssh-keygen -lf .ssh/id_rsa | sed -e 's/[^ ]* \([^ ]*\).*/\1/'`
   fi
   #
   # make sure identity has been added to ssh-agent
   if ! ssh-add -l | grep "$id" > /dev/null
   then
   echo "Run ssh-add to add your identity to ssh-agent."
   fi

This script makes sure that the ``ssh-agent`` daemon is running.
It also prompts you to run ``ssh-add`` if you have not
already done so.
Add this script to the shell initialization file ``$HOME/.bashrc``
so that it is run whenever you start a new shell.

You can check if this script is being run by first running
::

   ssh-add -D

to remove all the identities from ``ssh-agent`` .
Then when you start a new shell, you should see the message

   ``Run ssh-add to add your identity to the agent.``

If this script is not run automatically when a shell starts up,
you can run it with the command
::

   source $HOME/.bashrc

Step 3: Store Password in ssh-agent
***********************************
If the script above prints the text

   ``Run ssh-add to add your identity to the agent.``

you should to run ``ssh-add`` to
store a copy of your ``ssh`` password in the current ``ssh-agent`` .
This is done by executing the command
::

   ssh-add

In response to the prompt

   ``Enter passphrase for`` ... . ``ssh/id_`` *type* :

enter *password_local* .

Step 4: Copy Public Key
***********************
On *machine_local* execute the command

   ``scp .ssh/id_`` *type* . ``pub`` *user_remote* @ *machine_remote* :

In response to the prompt

   *user_remote* @ *machine_remote* ' ``s password:``

enter *password_remote* .

Step 5: Authorization
*********************
On *machine_local* execute the commands

   ``ssh`` *user_remote* @ *machine_remote*

In response to the prompt

   *user_remote* @ *machine_remote* ' ``s password:``

enter *password_remote* .
After the login response, enter the commands

| |tab| ``cat id_`` *type* . ``pub >> .ssh/authorized_keys``
| |tab| ``exit``

Step 6: Test Authorization
**************************
On *machine_local* re-execute the command

   ``scp .ssh/id_`` *type* . ``pub`` *user_remote* @ *machine_remote* :

This time you should not need a password to complete this command.
If ``scp`` responds

   ``Enter passphrase for key`` '... . ``ssh/id_`` *type* ':

run the script in
:ref:`Step 2<ssh_key@Step 2: Setup ssh-agent>`
by executing the command
::

   source $HOME/.bash_profile

then run ``ssh-add`` , as described in
:ref:`Step 3<ssh_key@Step 3: Store Password in ssh-agent>` ,
and then try the ``scp`` command again.

{xrst_end ssh_key}