# easy ssh with ssh-agent

## parsim

I ssh into four different remote machines fairly often, so I went through the process of generating ssh-keys so I could do this without typing in a password every time.

However, the end result doesn't seem as useful as it should be. Am I doing something wrong, or is this the way it's meant to work?

I'm currently doing this every time I need to ssh:

1. Think whether I've already sshed to this host since the machine's been booted. If I don't think I have, go to Step 2. Otherwise, if I'm confident, I just 'ssh user@host', but if I'm wrong, it will sit there for a while, then prompt me for "Password:". I need to Control-C this and go to Step 2. If I'm not sure whether I have or haven't, I run "ssh-add -l" and see if the host is on the list.

2. Execute "ssh-add ~/.ssh/identity.hostname". This asks me for a passphrase (which is long and easy to mistype).

3. "ssh user@host" and passwordlessly enter the account.

Instead, what I'd like to do is this:

"ssh user@host". If I've previously sshed, then I enter passwordlessly. If not, then I'm prompted for a passphrase. Upon entering it, the ssh connection is established. The passphrase will not be required again.

I could ssh-add all four ~/.ssh/identity.host keys at the start of each session, but I don't want to type in four long passphrases when I may not even want to do any sshing that day.

----------

## adaptr

If you have set a different passphrase on every private key you use, then you will indeed have to type in all of them.

The usefulness of ssh-agent comes into play when you trust it to handle your private keys, obviating the need for you to type in more than one passphrase for a complete set of keys you intend to use during a session.

There is generally no need to generate a different key for each host - one key pair will do, just upload the public key to multiple machines.

Use the same passphrase for all of them, just make sure it is strong enough.

ssh-add will try to re-use the last passphrase, so this does make sense.

When you follow this, you type your passphrase once at the beginning of the session, and ssh-agent takes care of the rest.

I would personally put the ssh-add sequence in a small script or in bash_login.

Then you will only have to type your passphrase when you log in, and you're set.

----------

## parsim

Aha, thanks! I thought you needed separate passphrases for security reasons.

I've set my passphrases to the same thing, written a little script "ssh-startup":

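```
#!/bin/sh

# Load the keys only when the agent reports that it holds none.
if ssh-add -l | grep -q "has no identities"; then
    # One passphrase prompt covers every key that shares the passphrase.
    ssh-add ~/.ssh/identity*
fi
```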

and added a bunch of aliases to my .bashrc like this:

```
alias ss1='~/doc/scripts/ssh-startup; ssh user1@host1.com'
alias ss2='~/doc/scripts/ssh-startup; ssh user2@host2.net'
...
```

Now I use the aliases to ssh and it only prompts me for a passphrase if I need it; i.e. the first time I ssh that day. And if I don't ssh, I never need to enter the passphrase.

----------
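The behaviour asked for in the first post (load a host's key on first use, never prompt again) as an added example that is not part of the thread: it reads the agent's state from the exit status of `ssh-add -l` instead of grepping its message, loads only the key that is missing, and gives it a lifetime with `ssh-add -t`. The names `SSH_ADD`, `KEY_LIFETIME`, `agent_state`, `key_loaded`, `ensure_key` and `sshk` are assumptions made for this example, as is the presence of a `.pub` file beside each private key.

```sh
#!/bin/sh
# Added example, not code from the thread. SSH_ADD, KEY_LIFETIME and the
# function names are illustrative assumptions.
SSH_ADD=${SSH_ADD:-ssh-add}        # overridable so the logic can be tested
KEY_LIFETIME=${KEY_LIFETIME:-8h}   # agent drops the key after this long

# Classify the agent by ssh-add's exit status:
# 0 = keys loaded, 1 = agent reachable but empty, 2 = no agent reachable.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Succeeds when the agent already holds the key with fingerprint $1.
# "ssh-add -l" prints: <bits> <fingerprint> <comment> (<type>)
key_loaded() {
    "$SSH_ADD" -l 2>/dev/null |
        awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Load private key $1 only if it is missing; assumes $1.pub sits beside it.
ensure_key() {
    if [ "$(agent_state)" = unreachable ]; then
        echo "no ssh-agent reachable (is SSH_AUTH_SOCK set?)" >&2
        return 2
    fi
    fp=$(ssh-keygen -lf "$1.pub" 2>/dev/null | awk '{ print $2 }')
    [ -n "$fp" ] || { echo "cannot fingerprint $1.pub" >&2; return 1; }
    key_loaded "$fp" || "$SSH_ADD" -t "$KEY_LIFETIME" "$1"
}

# Usage: sshk ~/.ssh/identity.host1 user1@host1.com
sshk() {
    key=$1
    shift
    ensure_key "$key" && ssh "$@"
}
```

OpenSSH 7.2 and later can do the same without a wrapper through the `AddKeysToAgent` option in ssh_config.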

