How to enter ssh passphrase key once and for all
You want to use keychain
.
The keychain
program manages an instance of the key cache program ssh-agent
. When ssh-agent
is started, two environment variables are created to be eval'd. Normally when the shell is closed where ssh-agent
has been started, those environment variables are lost. The keychain
program keeps track of those variables across logins and provides shell scripts in the ~\.keychain
directory.
There are several ways to run keychain
, one method is manually from the command line. Each time you start the shell, use:
eval `keychain --eval`
This will find ssh-agent
if it's running, and start it if it's not. Either way, using eval on keychain
will set the necessary environment variables where you can add keys using:
ssh-add <private-keyfile>
If private-keyfile
has a password, you will be prompted to enter that password during the execution of ssh-add
, but as long as ssh-agent
is running that will be the last time you need to enter the password for the private key.
Because the eval of keychain
sets the SSH_AUTH_SOCK
environment variable, any run of ssh
will use the ssh-agent
to accomplish the authentication.
Another suggestion is to add the keychain
execution to your .bashrc
file, as suggested in this StackExchange answer.
To terminate keychain
just enter the command:
keychain --stop mine
or if you want to bring down all the instances of ssh-agent
, enter the command:
keychain --stop all
Just a note, using services such as ssh-agent
defeat the security of passworded private key files by storing those authenticated keys in memory. This is not safe, especially with memory side-channel attacks. If you're not interested in key security, the simpler solution is to remove the password on the private key as suggested by @vidarlo.
Run ssh-keygen -p
. This will allow you to remove the passphrase set on the key. If no passphrase is set, it's stored in clear text, and you can use it without unlocking it:
$ ssh-keygen -p
Enter file in which the key is (/home/user/.ssh/id_rsa):
Enter old passphrase:
Key has comment ''
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
Simply press enter when prompted for passphrase to set no passphrase. After that, you can use your key freely.