Implementing an SSH keychain under Mac OS X
I have been spending quite a bit of time developing a better infrastructure to maintain my websites, specifically my new blog system. For my non-techie friends this will not be interesting, but I finally figured out how to get SSH to log into a remote server using stored keys and passphrases so that I can avoid having to enter a password every time. Even though I am not using a password, the actual security is increased.
My first problem was that after creating the RSA/DSA keys and installing them on my server, SSH still required a password. After many hours of research on Google, I discovered the problem was that the file permissions were too permissive on the remote user's home directory. Strange considering this was a default setting . . .
Next I wanted to make use of the key_agent feature of SSH to facilitate automatic logging in, and I found this very cool program via Mac OS X Hints.com called keychain that helps with key session management.
After much gnashing of teeth and pulling of hair, I got the keychain to work. The current version of the keychain software has evolved beyond what was described in an article at IBM's developerWorks. keychain is now smart enough to work with different shells automatically.
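The symptom above matches sshd's StrictModes check, which ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, or has the wrong owner. As an added example (not from the original post), this sh script, meant to be run on the server as the login user, reports and tightens those three paths; the function names are hypothetical and the default ~/.ssh/authorized_keys location is assumed.

```shell
#!/bin/sh
# Added example: find paths that make sshd (StrictModes yes) skip key auth.
# Slightly stricter than sshd, which also accepts root-owned paths.

# is_loose PATH OWNER_UID -> true if PATH is group/world-writable
# or is not owned by OWNER_UID.
is_loose() {
    # -H: judge the target if PATH is a symlink; -prune: do not descend.
    [ -n "$(find -H "$1" -prune \
        \( -perm -0020 -o -perm -0002 -o ! -user "$2" \) \
        -print 2>/dev/null)" ]
}

# check_ssh_perms [HOME_DIR] [OWNER_UID]
# Prints one line per offending path; exit status is the number found.
check_ssh_perms() {
    home=${1:-$HOME}
    owner=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_loose "$p" "$owner"; then
            echo "too permissive or wrong owner: $p"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# fix_ssh_perms [HOME_DIR]
# Drops group/other write on the home directory and locks down the key files.
fix_ssh_perms() {
    home=${1:-$HOME}
    chmod go-w "$home"
    [ -d "$home/.ssh" ] && chmod 700 "$home/.ssh"
    [ -f "$home/.ssh/authorized_keys" ] && chmod 600 "$home/.ssh/authorized_keys"
    return 0
}
```

Call check_ssh_perms first to see which path is at fault, then fix_ssh_perms; ownership problems still need chown by an administrator.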
The keychain program no longer makes the ~/.ssh-agent file to cache the keys; instead there is a ~/.keychain folder that includes files for use by different shell programs. I use tcsh as my shell so I added these lines to my .tcshrc file:
    /usr/bin/keychain ~/.ssh/id_rsa ~/.ssh/id_dsa ~/.ssh/identity
    source ~/.keychain/YOURHOSTNAME-csh
where YOURHOSTNAME will naturally be whatever your system's name is.
Now auto login joy
posted at: 18:16