How to enter ssh passphrase key once and for all

ssh password passphrase encryption

You want to use keychain.

The keychain program manages an instance of the key cache program ssh-agent. When ssh-agent is started, two environment variables are created to be eval'd. Normally when the shell is closed where ssh-agent has been started, those environment variables are lost. The keychain program keeps track of those variables across logins and provides shell scripts in the ~\.keychain directory.

There are several ways to run keychain, one method is manually from the command line. Each time you start the shell, use:

eval `keychain --eval`

This will find ssh-agent if it's running, and start it if it's not. Either way, using eval on keychain will set the necessary environment variables where you can add keys using:

ssh-add <private-keyfile>

If private-keyfile has a password, you will be prompted to enter that password during the execution of ssh-add, but as long as ssh-agent is running that will be the last time you need to enter the password for the private key.

Because the eval of keychain sets the SSH_AUTH_SOCK environment variable, any run of ssh will use the ssh-agent to accomplish the authentication.

Another suggestion is to add the keychain execution to your .bashrc file, as suggested in this StackExchange answer.

To terminate keychain just enter the command:

keychain --stop mine

or if you want to bring down all the instances of ssh-agent, enter the command:

keychain --stop all

Just a note, using services such as ssh-agent defeat the security of passworded private key files by storing those authenticated keys in memory. This is not safe, especially with memory side-channel attacks. If you're not interested in key security, the simpler solution is to remove the password on the private key as suggested by @vidarlo.


Run ssh-keygen -p. This will allow you to remove the passphrase set on the key. If no passphrase is set, it's stored in clear text, and you can use it without unlocking it:

$ ssh-keygen -p 
Enter file in which the key is (/home/user/.ssh/id_rsa): 
Enter old passphrase: 
Key has comment ''
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.

Simply press enter when prompted for passphrase to set no passphrase. After that, you can use your key freely.

Related

Someone just remotely entered my computer and start googling for things. How?
How to set default editor in 13.04? [duplicate]
Why is wget still shipped as the default download manger, whereas there's richer apps [closed]
How do I identify the partitions of my hard drive in order to then shred them all?
Why is this bypassing the SUDO password?
Why compressed directories cannot be extracted in /opt?
SAMBA -- Cannot access Samba share from XP
found ls binary using whereis but can't find ll why?
What does the -rd option mean in the cp command?
Find line with digits
Renaming multiple files with complex numbered names
How do I make Bash history undeleteable?