This would be used in a scenario when you must have a passphrase when creating ssh keys. If you don’t have a requirement to use a passphrase just press enter when prompted for one when doing ssh-keygen, and ignore the ssh-agent steps.

This assumes OpenSSH is already installed.

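On the source machine, generate the key pair (OpenSSH 7.0 and later disable DSA keys by default, so on current systems substitute a supported key type such as ed25519 and the matching file names throughout) –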

ssh-keygen -t dsa -f ~/.ssh/id_dsa -C user@server

Copy key to target machine –

cat ~/.ssh/id_dsa.pub | ssh user@server 'cat - >> ~/.ssh/authorized_keys'

or just copy and paste the contents of ~/.ssh/id_dsa.pub into ~/.ssh/authorized_keys on your target server.

Check authentication works (should ask for a passphrase) –

ssh user@server

Add the following to .profile

if [ -z "$SSH_AUTH_SOCK" ]; then
    # No agent in this session: start one and load the key (asks for the passphrase once)
    eval `ssh-agent -s`
    ssh-add ~/.ssh/id_dsa
fi

Restart shell to load agent.

If you get a “Could not open a connection to your authentication agent.” error, try this instead:

eval $(ssh-agent)

Test with –

ssh user@server

So at this point the ssh-agent should provide the key to the authentication process and you should not be prompted to enter a passphrase.

If there are problems:

    Check that the ~/.ssh directory and the ~/.ssh/authorized_keys file are set to 600 perms (rw- for owner only).
    Use -vvv options with ssh to show debug information.
    Check hostname resolution in both directions.
    Check sshd is running on both servers.
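
The permissions check from the list above, as an added example that is not part of the original post. The function names are hypothetical, the demo runs against a constructed temporary directory rather than a real ~/.ssh, and it assumes mode 700 on the directory (a directory needs the owner execute bit to be entered) and 600 on authorized_keys.

```shell
#!/bin/sh
# Added example (not from the original post): audit the owner-only
# permissions that key-based login depends on.

# check_mode PATH -> prints "ok", "too-open" or "missing"; returns 0 only for "ok".
check_mode() {
    [ -e "$1" ] || { echo "missing"; return 2; }
    # ls -ld prints e.g. "drwx------ ..."; keep only the 10-character mode field.
    mode=$(ls -ld "$1" | cut -c1-10)
    # Characters 5-10 are the group and other bits; every one must be "-".
    case "$mode" in
        ????------) echo "ok"; return 0 ;;
        *)          echo "too-open"; return 1 ;;
    esac
}

# audit_ssh_dir DIR -> reports DIR and DIR/authorized_keys;
# the return status is the number of problems found (0 = all good).
audit_ssh_dir() {
    problems=0
    for p in "$1" "$1/authorized_keys"; do
        result=$(check_mode "$p") || problems=$((problems + 1))
        printf '%-10s %s\n' "$result" "$p"
    done
    return "$problems"
}

# fix_ssh_dir DIR -> apply owner-only permissions (assumed 700 / 600).
fix_ssh_dir() {
    chmod 700 "$1" && chmod 600 "$1/authorized_keys"
}

# Demo on a constructed directory standing in for ~/.ssh on the target server.
demo=$(mktemp -d)
touch "$demo/authorized_keys"
chmod 755 "$demo"
chmod 644 "$demo/authorized_keys"
audit_ssh_dir "$demo" || echo "problems found, fixing"
fix_ssh_dir "$demo"
audit_ssh_dir "$demo"
rm -rf "$demo"
```

To audit a real account, run audit_ssh_dir "$HOME/.ssh" on the target server as the user you log in as.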

About troyski

I'm a freelance UNIX engineer working in the UK. I'm married to Tina and between us we have six children. I'm a bit of an Apple fan boy, and all the Windows machines in the house are a thing of the past now.
