I do not want to start ssh-agent and ssh-add as described here to manage my ssh keys for passwordless login. How do I install the keychain software to manage my keys on a Debian or Ubuntu based cloud server?
OpenSSH offers RSA and DSA authentication to remote systems without supplying a password. keychain is a manager for ssh-agent.
Installing keychain for Debian and friends
You can install keychain, the key manager for OpenSSH, using apt-get from the command line over an ssh session on a cloud based instance or any other regular VPS or dedicated server. Type the following command as root user:
$ sudo apt-get install keychain
OR
# apt-get install keychain
Sample outputs:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  grub-pc-bin
Use 'apt-get autoremove' to remove them.
Suggested packages:
  gnupg-agent ssh-askpass
The following NEW packages will be installed:
  keychain
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 32.3 kB of archives.
After this operation, 118 kB of additional disk space will be used.
Get:1 http://mirrors.service.networklayer.com/ubuntu/ precise/universe keychain all 2.7.1-1 [32.3 kB]
Fetched 32.3 kB in 0s (1,633 kB/s)
Selecting previously unselected package keychain.
(Reading database ... 47427 files and directories currently installed.)
Unpacking keychain (from .../keychain_2.7.1-1_all.deb) ...
Processing triggers for man-db ...
Setting up keychain (2.7.1-1) ...
Configure keychain
You need to edit the file $HOME/.bashrc. Run:
$ vi $HOME/.bashrc
Add the following lines:
#####################################################################################
### The --clear option makes sure an intruder cannot use your existing ssh-agent keys,
### i.e. only cron jobs are allowed to use passwordless login
#####################################################################################
/usr/bin/keychain --clear $HOME/.ssh/id_rsa
source $HOME/.keychain/$HOSTNAME-sh
OR
###########################################################################
# Allow $USER to use the keys. Only enter the passphrase once and it will
# remain enabled until you delete it or reboot the server
###########################################################################
/usr/bin/keychain $HOME/.ssh/id_rsa
source $HOME/.keychain/$HOSTNAME-sh
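The configuration above lets cron jobs reuse the agent through the $HOME/.keychain/$HOSTNAME-sh file. The following is an added example, not part of the original article, of how a cron script can check that file before sourcing it and confirm the agent actually holds a key. KEYCHAIN_DIR and SSH_ADD are hypothetical override variables, and the host in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original article): a cron job reuses the
# ssh-agent that keychain started at login.
# KEYCHAIN_DIR and SSH_ADD are hypothetical overrides used by this sketch.

# Succeeds only if the file is a regular file (not a symlink), owned by the
# current user, and not writable by group or others. Sourcing a file executes
# it, so a file that someone else can write is a code-execution path.
keychain_env_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ -n "$(find "$1" -prune ! -perm -020 ! -perm -002)" ]
}

# Return codes:
#   0  agent reachable and holding at least one key
#   1  agent reachable but empty (e.g. after --clear, passphrase not re-entered)
#   2  agent not reachable (stale file after a reboot, agent killed)
#   3  environment file missing or unsafe to source
use_keychain_agent() {
    # cron's /bin/sh does not set HOSTNAME the way bash does; fall back to uname.
    kc_file="${KEYCHAIN_DIR:-$HOME/.keychain}/${HOSTNAME:-$(uname -n)}-sh"
    keychain_env_is_safe "$kc_file" || return 3
    . "$kc_file"                       # POSIX spelling of bash's "source"
    ${SSH_ADD:-ssh-add} -l >/dev/null 2>&1
    case $? in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

# Typical use in a cron script (host name is a placeholder):
#   use_keychain_agent || { echo "no usable ssh key, skipping" >&2; exit 1; }
#   ssh -o BatchMode=yes user@backup.example.com true
```

A return code of 1 is the expected state after a login with --clear until the passphrase is entered again, so a cron job should skip its work instead of retrying.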
When you log in, you will see the keychain manager start up, so that your shells and cron jobs can share a single ssh-agent process.
1 comment:
Just a small correction: I think it’s better served going into .bash_profile, per http://manpages.ubuntu.com/manpages/lucid/man1/keychain.1.html