With SSH you can securely login to any Linux server and execute commands
remotely. You can even use SSH to transfer and
synchronize files from one server to another. Automating these tasks can make your life easier, but
normally SSH prevents that because it requires you to login every time. Well,
not anymore, in this article I will show you how to connect to SSH without a
About SSH keys
SSH keys allow machines to identify each other without you having to type the
password every time. First we need to generate a key (it’s nothing more than a
randomly generated sequence of bytes, see it as a fingerprint) on the machine
you’re going to make the connection from. And then you install that unique key
on the machine that needs to accept the connection.
Little helper script
Installing keys takes quite a couple of commands, not very easy to remember
either. And if you have multiple servers, you might even want to automate the
process of installing keys. No worries, I did this for you. So just download
the helper script and install it. Open a terminal, and type:
su - # If you're going to use the keys to automate tasks, become root firstmkdir -p ~/bin
wget -O- "https://raw.github.com/kvz/kvzlib/master/bash/programs/instkey.sh" > ~/bin/instkey.bash
chmod 755 ~/bin/instkey.bash
Running the script: installing keys
Now with the script in place, installing SSH keys is easy. To allow easy
access to server.example.com just open a terminal and type:
The first time you run the script, it will create the necessary keys, when it
asks for a pass phrase, just hit enter. Then it logs in at
server.example.com (now you need to enter the server’s password for the last
time ; ), and it saves the key.
Installing ssh keys under a different user
Make sure you are logged in as the user you want to have passwordless ssh
access. Let’s say this user is called: kevin.
Goto the place you downloaded the instkey.sh script to, and type:
./instkey.bash server.example.com kevin
Notice the second argument? This will make sure keys from kevin aren’t
remotely installed to root, but to kevin as well. Easy right?
Of course you should really be carefull where and when to install ssh
keys, because if one machine is compromised, it’s very easy for a cracker to
hop to the next system without logging in. So choose wisely when to use this
Keys are user specific. So if you’re going to run programs as root
that need to automatically login to systems, you must also install the key as
These were imported from my old blog. Please use disqus below for new comments
on 2010-11-08 13:38:18
@ JoGoFo: Thanks, I’ve updated the article!
on 2010-11-05 07:41:35
The script doesn’t exist any more!
I can’t download http://kevin.vanzonneveld.net/download/instkey.bash/
on 2010-04-04 17:09:08
@ Greg: Thanks ;)
@ achmad: You'd still have to do that manually. But it's easy. just remove the public key (1 line) form the authorized_keys file at the remote end.
on 2010-03-30 10:36:12
tanks for script, its work…
but how to remove installed key ???
on 2010-03-11 19:20:45
Awesome little script Kevin, I've done this the hard way before but I didn't feel like \&
quot; this time. :)
Good Karma sent your way….
on 2008-12-31 13:23:21
@ dave: This only works for ssh. But since SFTP communicates over SSH, it could work if you're using SFTP. No need for special configuration or anything.
Though you may want to specify a user like this:
dave@localhost# ./instkey.bash sftp.yourserver.com dave
on 2008-12-31 00:36:33
hi, this is a great post thanks. Do you know any way to automate this if the remote system is an ftp server?
on 2008-12-01 08:43:56
@ Mohamed: That's currently not supported in the script. You may want to hack it in there by using the -p switch behind ssh.
I'm currently in the process of building a centralized bash library over at http://kvzlib.net, I may build support into it over there if needed.
on 2008-11-27 14:41:07
what if the ssh port is different from the default 22 ?
on 2008-11-14 21:24:15
@ Mike: Took a look at the source, and it looks cool Mike, thanks for sharing.
on 2008-11-14 20:33:10
This worked great for me thanks. I actually ported the script to Python for no real reason except that I like to keep all my little tools in Python. :)
If its useful to anyone, you can see it here:
on 2008-11-03 10:12:51
@ Steve: You are correct, I've updated the artciel. Thanks for helping out!
on 2008-10-22 19:18:46
You forgot to document a requirement of your script - the second host name argument for hostnames other than root@host.
An example is Puppy Linux's use of user Spot@host, for ssh rather than root. If you enter Spot@host, your script actually tries to use root@spot@host.
You did include code to allow non-root installation with the following two argument syntax:
instkey.bash host username
but you forgot to mention it.
Hope this helps!
on 2008-08-27 16:35:55
@ Luke Stanley: Could you be more specific?
on 2008-07-29 14:34:11
It didn't work…
on 2008-07-25 17:05:19
Beautiful little code, it really works!!
I've learned a little today, thanks!:-)
on 2008-05-15 18:32:05
Make sure you update and re-generate all your keys on Debian-derived distros ..
on 2007-10-25 19:15:09
@ Jeff: It would help if you'd be more specific.
on 2007-10-25 18:57:17
Yea, it didn't work.
on 2007-09-26 11:19:54
@ Manni: I will look into it, thanks again!
on 2007-09-26 09:39:02
You are right, cron-jobs make this a little more complicated, but it still works.
This article has some good information: http://www.ucolick.org/~sla/ssh/sshcron.html
Not only can you use passphrase-protected keys with cron jobs, you can also secure the remote machine so that it will only execute a certain command for a certain key.
on 2007-09-25 22:57:20
@ Manni: Thanks I didn't know about that. But what about cronjobs? Do you know if you can automate ssh-add as well?
on 2007-09-25 22:43:58
Why recommend to skip the passphrase? Always secure your private keys with a passphrase or your in deep, deep trouble when someone can steal the key.
You might say that you are back to where you started, entering passphrases instead of passwords every time you want to access a remote machine. But you can simply run 'ssh-add' when you login and your passphrase will be remembered until you log out again.