ssh-copy-id script code and ssh-agent instructions
Authored by: chris7cmcc on Sep 26, '07 04:29:53PM

Apologies if someone already pasted in the following information,

but OpenSSH should include the very useful ssh-copy-id script.
Apparently the native Mac OS X version does not contain it?

Also, I agree with Slacker--don't use passphrase-less keys, unless you won't care when someone breaks into your system--note the use of "when."

--> use ssh-agent (man ssh-agent)
ssh-agent bash
ssh-add (enter passphrase)
ssh-add -l (see what you got going on now?)

Now (assuming you have your public key added to the dest account's ~/.ssh/authorized_keys file) you should be able to start having some fun.

Now you can ssh without passwords to all hosts you have your key installed on until you terminate your ssh-agent. For added security, you could start your ssh-agent like this (will not display its PID):
eval `ssh-agent` > /dev/null


Below is the ssh-copy-id from my Debian box:
less /usr/bin/ssh-copy-id

#!/bin/sh

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/identity.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] ; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF

#####

Since it's missing from my OS X box too, here is the man page for ssh-copy-id:

SSH-COPY-ID(1)

NAME
    ssh-copy-id - install your identity.pub in a remote machine's authorized_keys

SYNOPSIS
    ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION
    ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities)

    It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration).

    If the -i option is given then the identity file (defaults to ~/.ssh/identity.pub) is used, regardless of whether there are any keys in your ssh-agent. Otherwise, if this:

        ssh-add -L

    provides any output, it uses that in preference to the identity file.

    If the -i option is used, or the ssh-add produced no output, then it uses the contents of the identity file. Once it has one or more fingerprints (by whatever means) it uses ssh to append them to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory, if necessary)

SEE ALSO
    ssh(1), ssh-agent(1), sshd(8)



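The script in the comment above appends with "cat >>" and, without -i, sends every key that ssh-add -L prints, which is why its closing message says to check .ssh/authorized_keys. The following is an added example, not part of the original comment and not OpenSSH code: a POSIX shell audit that lists each key, flags a key blob that appears more than once, and tests the group/world-writable condition the man page ties to StrictModes. The function names, the script name and the sample keys are constructed for illustration.

```sh
#!/bin/sh
# Usage: sh audit_keys.sh [authorized_keys]   (no argument: constructed sample)

# Return 0 if the path is neither group- nor world-writable, the condition
# sshd's StrictModes checks on $HOME, ~/.ssh and authorized_keys.
perms_ok() {
    [ -e "$1" ] || return 2
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Read authorized_keys on stdin. Per key, print tab-separated: line number,
# key type, "options" if options precede the key, ok/DUPLICATE, comment.
list_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) {
                    dup = (seen[$(i + 1)]++) ? "DUPLICATE" : "ok"
                    opt = (i > 1) ? "options" : "-"
                    c = ""
                    for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
                    printf "%d\t%s\t%s\t%s\t%s\n", NR, $i, opt, dup, c
                    next
                }
            printf "%d\t?\t-\tUNPARSED\t\n", NR
        }'
}

# Constructed sample input: the blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# pushed by ssh-copy-id
ssh-rsa AAAAB3CONSTRUCTEDBLOB1 user@laptop
ssh-ed25519 AAAAC3CONSTRUCTEDBLOB2 old-agent-key
from="10.0.0.5",no-pty ssh-rsa AAAAB3CONSTRUCTEDBLOB3 backup job
ssh-rsa AAAAB3CONSTRUCTEDBLOB1 user@laptop
EOF
}

if [ $# -gt 0 ]; then
    perms_ok "$1" || echo "WARNING: $1 missing or group/world-writable" >&2
    list_keys < "$1"
else
    sample_keys | list_keys
fi
```

Run it on the remote account after ssh-copy-id; any key type or comment you do not recognise, and any DUPLICATE row left by a repeated run, is a line to remove from authorized_keys.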