Password Free Logins Over ssh (Part 2)

In the last post I suggested you add a passphrase to keep your private key secure. The problem with this is that now you have traded entering a password for entering a passphrase which is most likely longer. Doesn’t seem like such a great trade off.

Well in steps ssh-agent which handles the authentication for you. You authenticate with your passphrase once to ssh-agent and it handles the key for you after that.

ssh-agent isn’t the most convenient application to use, but fortunately there are great front-end alternatives to working with it directly, SSHKeychain on OS X and Keychain on Linux.

I’m not going to cover Keychain, but you can check with your distro and apt-get, emerge, rpm, or whatever you need to install it. Depending on your distro you may need to do more or less, so check the READMEs


Go to to get the dmg file and drag it into your Applications directory. You might want to add it to the items that start at login.

Double click on SSHKeychain to start it up. Open SSHKeychain->Preferences and click on “SSH Keys” Most likely your key is listed there, if not click the “+” sign. When the Open dialog appears, click in the search box in the upper right hand corner and type in “~/.ssh” to get to the hidden .ssh directory. Select our id_dsa file that you created, and it should appear in the SSH Keys window.

Now go to the Environment tab. Enable “Manage (and Modify) global environment variables” to make SSHKeychain available to your applications.

You will now need to re-login and start up SSHKeychain to make everything work.

Now the first time you log into a system, you will be prompted to enter your passphrase, but after that SSHKeychain (and ssh-agent underneath) handle it form there.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: