Thursday, March 29, 2012

Passwordless login with multiple id_rsa and ssh identities

Primarily for my benefit, as this topic can be found in tons of Google searches. I have different user names such as ~bunwich and ~sandwich on a variety of servers. I want to be able to log in without a password by entering ssh bunwich@example1.com or ssh sandwich@example2.com.

On my computer, I have two different id_rsa files, one for each account (plus the corresponding id_rsa.pub). The goal is to automatically choose the correct id_rsa for each username and log in without a password.

1) ssh allows you to manage multiple identities by using wildcard-style escape characters in the key path, so the key can be selected by remote hostname and remote username. You can also select by local hostname and local username.

From the manual:
"The file name may use the tilde syntax to refer to a user's home directory or one of the following escape characters: '%d' (local user's home directory), '%u' (local user name), '%l' (local host name), '%h' (remote host name) or '%r' (remote user name)."

2)  Create the following dirs

~/.ssh/ids/bunwich
~/.ssh/ids/sandwich

3) Copy the id_rsa belonging to each user into these dirs

~/.ssh/ids/bunwich/id_rsa
~/.ssh/ids/sandwich/id_rsa

chmod each id_rsa to 600 if it isn't already; ssh ignores a private key that other users can read.

4) Add an IdentityFile entry to your ssh config file

vim ~/.ssh/config

Add the following line:

IdentityFile ~/.ssh/ids/%r/id_rsa

An alternative is to also include the host name in the path, in which case each key has to be stored under a directory named after the remote host, e.g.

IdentityFile ~/.ssh/ids/%h/%r/id_rsa

5) Now make sure that each account on servers example1 and example2 has a ~/.ssh/authorized_keys containing the matching id_rsa.pub, and you'll be able to do passwordless logins.

(You create authorized_keys by renaming the id_rsa.pub or appending the id_rsa.pub to the current authorized_keys.)
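
As an added example (not part of the original post), this shell sketch expands the IdentityFile escape characters from step 1 for a given user@host and checks that the resulting key exists with no group/other permissions. The function names are hypothetical, %l is approximated with uname -n, and the demo uses placeholder key files in a scratch HOME.

```shell
#!/bin/sh
# Expand the IdentityFile escapes quoted from the manual (%d %u %l %h %r).
# usage: expand_identity TEMPLATE REMOTE_USER REMOTE_HOST
expand_identity() {
    tmpl=$1 out=
    case $tmpl in "~/"*) tmpl=$HOME/${tmpl#??} ;; esac   # leading tilde
    while [ -n "$tmpl" ]; do
        case $tmpl in
            %d*) out=$out$HOME;       tmpl=${tmpl#??} ;;  # local home dir
            %u*) out=$out$(id -un);   tmpl=${tmpl#??} ;;  # local user name
            %l*) out=$out$(uname -n); tmpl=${tmpl#??} ;;  # local host (approximation)
            %h*) out=$out$3;          tmpl=${tmpl#??} ;;  # remote host name
            %r*) out=$out$2;          tmpl=${tmpl#??} ;;  # remote user name
            *)   out=$out${tmpl%"${tmpl#?}"}; tmpl=${tmpl#?} ;;  # copy one char
        esac
    done
    printf '%s\n' "$out"
}

# Succeed only for a regular file with no group/other permission bits,
# since ssh ignores private keys that other users can access.
key_is_private() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report which key a login would pick and whether it is usable.
audit_login() {   # usage: audit_login TEMPLATE user@host
    key=$(expand_identity "$1" "${2%%@*}" "${2#*@}")
    if key_is_private "$key"; then echo "ok      $2 -> $key"
    else echo "PROBLEM $2 -> $key (missing or group/other access)"; return 1
    fi
}

# Constructed demo in a scratch HOME so the real ~/.ssh is untouched.
HOME=$(mktemp -d); export HOME
umask 077
mkdir -p "$HOME/.ssh/ids/bunwich" "$HOME/.ssh/ids/sandwich"
: > "$HOME/.ssh/ids/bunwich/id_rsa"           # placeholder, not a real key
: > "$HOME/.ssh/ids/sandwich/id_rsa"          # placeholder, not a real key
chmod 644 "$HOME/.ssh/ids/sandwich/id_rsa"   # deliberately too open
audit_login '~/.ssh/ids/%r/id_rsa' bunwich@example1.com || true
audit_login '~/.ssh/ids/%r/id_rsa' sandwich@example2.com || true
audit_login '~/.ssh/ids/%h/%r/id_rsa' bunwich@example1.com || true
```

The last call reports a problem because the %h/%r layout expects the key under ~/.ssh/ids/example1.com/bunwich/, which the demo never creates.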



Extra - While you're messing with your config file, why not add an extra visual measure to make sure your host hasn't changed?

Add VisualHostKey yes to ~/.ssh/config