Matt's Grand Ideas

No more ssh passwords

Google+ Pinterest LinkedIn Tumblr

I really get irritated with passwords. I want to avoid entering them when possible. However, I want to keep security high.

Using SSH keys, you don’t need to enter passwords to log into systems. However, if you’re wise, you’ve encrypted your SSH key to keep it and your systems secure. So what’s the benefit of removing your password if you just have enter a password to decrypt your key?

If you use ssh-agent and ssh-add you can enter your password one time to decrypt your key and then it will help you log in each time you use SSH. Big benefit.

__But__, its so irritating (to me at least) to enter your password on each login. Sometimes I don’t use SSH. What would be better is to simply enter your password to unlock your key the first time you use it, and from then on not need to enter your password.

I have access to many wise and knowledgeable Ubuntu users and sysadmins (I’ll bet you’d have never guessed that) and all of them said, “that would be cool.” That’s not a very satisfying response though. So, I came up with a system to provide this. __But it doesn’t quite work__, maybe you can suggest an improvement.

alias ssh=’if [[ ! `ssh-add -l|wc -l` > 0 ]];then ssh-add; fi; ssh’

Or, in a more readable format:

alias ssh=’
if [[ ! `ssh-add -l|wc -l` > 0 ]]

Variations I’ve tried which also don’t work are to list the keys as command line args to ssh-add.

Note, if I run this without using an alias, i.e. just type each of these commands on the command line, it works fine.

The premise here is to check to see if ssh-add reports it has decrypted the keys (ssh-add -l lists the keys, wc -l counts them, and > 0 checks to see if the count is 1 or more). If not, then run ssh-add which should prompt you for the password to decrypt your keys. Lastly, the ssh command is run.

My first thought was that /usr/bin/ssh was overriding my alias, but even if I use alias ssc=’…’ and then run the ssc command the problem continues. Suggestions?

Web guy, big thinker, loves to talk, teach and write. I make technology easier to use @ John Deere ISG.

Pin It