keychain

First of all, we have to install a package called keychain (pacman-g2 -S keychain).

In the next step we have to create a new key. A key consists of two parts, a public and a private part. That means two different files in your ~/.ssh/ directory.

Your key is generated by a program called ssh-keygen. It’s part of the openssh package. Run ssh-keygen -t dsa! You’ll see something like this:

voroskoi@kavics~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/voroskoi/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/voroskoi/.ssh/id_dsa.
Your public key has been saved in /home/voroskoi/.ssh/id_dsa.pub.
The key fingerprint is:
ac:47:93:29:d2:c4:e1:85:47:5c:c1:36:93:74:e9:08 voroskoi@kavics

This generates the two parts of the key for us. The program asks where you want to save the keys; it’s fine to simply press Enter. After that you have to type in the passphrase of the key twice. It’s really important to choose a hard passphrase. It should contain lowercase and uppercase characters, digits, and possibly special characters too. The length must be at least 10 characters! We have to type in this passphrase only once after every restart, so we shouldn’t choose an easy one.

If everything works fine, then we have an id_dsa and an id_dsa.pub file in our ~/.ssh/ directory.

voroskoi@kavics~/.ssh $ ls -la
drwx------   2 voroskoi users   5 2005-04-13 13:39 ./
drwx--x--x  38 voroskoi users  67 2005-04-13 13:24 ../
-rw-------   1 voroskoi users 736 2005-03-01 21:25 id_dsa
-rw-r--r--   1 voroskoi users 605 2005-04-11 04:18 id_dsa.pub
-rw-r--r--   1 voroskoi users 230 2005-04-11 04:26 known_hosts

Now, we would like to use our newly generated key. We have to do the following:

$ scp ~/.ssh/id_dsa.pub username@remote_machine:
$ ssh username@remote_machine
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
$ rm id_dsa.pub
$ exit

Note that this time (that is, when we run the scp and ssh commands) we can’t use our key’s passphrase, so we have to use our password on the remote_machine. If it’s done without any mistake, on the next login to the remote_machine we will be asked for our key’s passphrase.
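The append into authorized_keys shown above, as an added example that is not part of the original page: it can be run more than once without duplicating the key, and it sets the modes that sshd's StrictModes check expects. The names install_pubkey and perm_of are hypothetical helpers, and the script is assumed to run on the remote_machine after the scp step.

```shell
# Added example, not from the original page. install_pubkey and perm_of
# are hypothetical helper names; run this on the remote_machine.

# Print the 10-character mode string of a path, e.g. drwx------
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Adds the key to SSH_DIR/authorized_keys unless that exact line is already
# there, and sets the modes that sshd's StrictModes check accepts.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A public key file holds exactly one non-empty line; this also rejects
    # a multi-line private key handed over by mistake.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 1; }
    key=$(grep . "$pub")

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Create the file as 0600 if absent; the subshell keeps umask local.
    ( umask 077; touch "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: append only if not already present.
    if ! grep -qxF -e "$key" "$auth"; then
        # Start on a fresh line if the file lacks a trailing newline.
        if [ -s "$auth" ] && [ "$(tail -c 1 "$auth" | wc -l)" -eq 0 ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
}
```

Called as install_pubkey id_dsa.pub, it replaces the cat step; the rm id_dsa.pub cleanup still follows.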

And here comes keychain. In the openssh package there is a program called ssh-agent. You can store keys in ssh-agent. Keychain just makes ssh-agent easier to use and adds some new features.

This time I assume that we use bash. If we would like to use keychain with another shell, then we can use man keychain :-) So, let’s take out our favourite editor and add the following lines to the ~/.bash_profile file:

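# Start ssh-agent if needed and load the id_dsa key
keychain -q id_dsa
# Import the agent's environment variables into this shell
[ -f "$HOME/.keychain/$HOSTNAME-sh" ] && source "$HOME/.keychain/$HOSTNAME-sh"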