Secure Shell
Ways to make SSH a little easier to use.
Being comfortable with Secure Shell (SSH) makes certain kinds of development work much easier, specifically for remote Git authentication.
Install OpenSSH
To generate keys and connect to servers with an SSH client, OpenSSH must be installed on your computer.
It may already be installed if you're using some flavor of Unix or a newish version of Windows. Find out by running
ssh -V
If that didn't work, install it using your preferred package manager, or by enabling the "OpenSSH Client" feature on Windows.
Generate an SSH key pair
Use the ssh-keygen command to generate your private and public key pair:
ssh-keygen -t ed25519 -C "$USER@$HOST"
Arguments:
- -t ed25519: Create a key pair using the Ed25519 signature scheme (the default since OpenSSH 9.5). This produces smaller, more manageable public keys than the previous default, RSA.
- -C "$USER@$HOST": Set the "comment" of the SSH key to the current user and the current computer name, e.g. noelle@leela. The -C argument can be any string you want. Its purpose is to identify the source of the key among a list of keys. Note that $HOST is set by zsh; bash sets $HOSTNAME instead, so use that variable there.
The command will prompt you for:
- The filename and location of the key pair: Accept the default by pressing Enter.
- A passphrase: Generate a unique passphrase, store it in a password manager, then paste it into the prompt and the confirmation afterwards.
Once that's done, you'll have two new files in ~/.ssh/: id_ed25519 and id_ed25519.pub (if you accepted the default). id_ed25519 is your private key and it should never be shared with anyone. id_ed25519.pub is your public key, which you'll provide to servers you wish to connect to.
If you're performing SSH operations from multiple devices, repeat these steps for each one, providing a unique -C comment and passphrase for each key you generate.
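The points above (a private key only you can read, a passphrase on every key, and an identifying -C comment) can be checked with a short script. This is an added example, not part of the original page; the function names and WARN line format are hypothetical, and it assumes keys in the OpenSSH private key format that ssh-keygen writes for Ed25519.

```bash
#!/bin/bash
# Added example: audit OpenSSH-format private keys in a directory.
# Function names and the WARN line format are hypothetical.

# Decode the base64 body of a private key file to stdout.
decode_key() { sed '/^-----/d' "$1" | base64 -d 2>/dev/null; }

# Print the cipher name from the cleartext key header. Layout:
# "openssh-key-v1\0" (15 bytes), 4-byte big-endian length, cipher name.
# A cipher of "none" means the key was saved without a passphrase.
key_cipher() {
    local len
    len=$(decode_key "$1" | od -An -tu1 -j18 -N1 | tr -d ' ')
    decode_key "$1" | dd bs=1 skip=19 count="${len:-0}" 2>/dev/null
}

# Print one WARN line per finding for each private key in $1 (default ~/.ssh).
audit_keys() {
    local dir="${1:-$HOME/.ssh}" key perms comment
    for key in "$dir"/*; do
        [ -f "$key" ] || continue
        head -n 1 "$key" | grep -q 'BEGIN OPENSSH PRIVATE KEY' || continue
        perms=$(ls -ld "$key" | cut -c5-10)   # group and other mode bits
        [ "$perms" = "------" ] || echo "WARN $key: accessible beyond owner ($perms)"
        [ "$(key_cipher "$key")" != "none" ] || echo "WARN $key: no passphrase"
        comment=$(cut -d' ' -f3- "$key.pub" 2>/dev/null || true)
        [ -n "$comment" ] || echo "WARN $key: public key has no -C comment"
    done
}

# Write a constructed, header-only sample key (not usable) with cipher $2.
make_sample_key() {
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
      { printf 'openssh-key-v1\000\000\000\000'
        printf "\\$(printf '%03o' "${#2}")%s" "$2"; } | base64
      echo '-----END OPENSSH PRIVATE KEY-----'; } > "$1"
}

# Demo on a constructed key in a temporary directory.
demo=$(mktemp -d)
make_sample_key "$demo/id_ed25519" none
audit_keys "$demo"
rm -rf "$demo"
```

Call audit_keys with no argument to check ~/.ssh. Only the cleartext header is read, so no passphrase prompt appears.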
Use an SSH agent
An SSH agent is a background service that can remember your key passphrases for you so you don't have to enter them every time you want to do something over SSH (like git pull operations).
The solutions here will allow you to enter your passphrase only once per login session with ssh-add, or even never, depending on what software is used.
Linux
If you're using GNOME, gnome-keyring is a nice way of managing your SSH key passphrases by unlocking them seamlessly when you log in.
However, if you're in a more constrained environment like a Chromebook, you'll need to launch ssh-agent yourself. Here's a script that works for me and has reduced my frustration with re-entering my passphrase considerably.
#!/bin/bash
# Make sure the directory exists to hold the file
DIR="$HOME/.config" && mkdir -p "$DIR"
FILENAME="ssh-agent.env"
# If ssh-agent isn't running, run it and put its vars in a file.
if ! pgrep -u "$USER" ssh-agent > /dev/null; then
    ssh-agent > "$DIR/$FILENAME"
fi
# If $SSH_AUTH_SOCK is undefined, source the vars file.
if [[ ! "$SSH_AUTH_SOCK" ]]; then
    source "$DIR/$FILENAME" >/dev/null
fi
(Adapted from SSH keys - ArchWiki)
Save this script as a file somewhere (e.g. ~/.ssh-agent) and source it from your shell's startup script (e.g. ~/.bashrc) like so:
# Start SSH agent
if [ -f ~/.ssh-agent ]; then
    . ~/.ssh-agent
fi
Restart your terminal, then add your key by running:
ssh-add
macOS
The macOS Keychain can serve as your SSH agent by adding this to your ~/.ssh/config file:
Host *
    UseKeychain yes
    AddKeysToAgent yes
Then add the key to the agent (macOS 12.0 Monterey or newer):
ssh-add --apple-use-keychain
On versions older than macOS 12.0 Monterey:
ssh-add -K
Source: GitHub Docs: ssh-add: illegal option --apple-use-keychain
Windows
Open the Services program, set the "OpenSSH Authentication Agent" service to start automatically, then start the service.
If you're using Git for Windows, make sure you choose the option labeled "Use external OpenSSH" in the "Choosing the SSH executable" step of the installer.
Then, add your key to the agent:
ssh-add
Source: Microsoft Learn: Key-based authentication in OpenSSH for Windows