Passwordless SSH login with multiple identities available

Recently I started creating passwordless SSH logins to servers I need to access, so I can automate tasks. I tend to create a new key pair for each server. Today it didn’t work and it took me several hours to find the solution. So this writeup is to help others (and my future self no doubt).

Create a key pair for the new server and add the public key to the authorized_keys file of the user on the remote server. How this works is written all over the internet so I’ll merely sum it up here. In the example I’m creating one for my local Mac Mini.

ssh-keygen -t rsa -f macmini.pvk

# Then, upload the pub key to the MacMini in the authorized_keys file
cat macmini.pvk.pub | ssh mini.local 'cat >> .ssh/authorized_keys'

# Set the permissions 
ssh mini.local "chmod 700 .ssh; chmod 600 .ssh/authorized_keys" 

# Log into the server without password
ssh mini.local

The user on my Mini is the same as the one on my laptop so the above should work, but it didn’t. It merely asked for a password. The alternative is to use ssh-copy-id which can be used as follows:

brew install ssh-copy-id
ssh-copy-id user@remotehost

Very nice, works in an instant, BUT it merely copies all available private and public keys to the remote server and adds them to the user’s authorized_keys. This is not what I wanted.

However, with only my newly generated key it was impossible to log in without a password.

ssh mini.local -vv

showed that several key files were offered, but not the one I wanted. This looked a lot like a problem I had before where I suddenly couldn’t log in using keys.

Solution: create an entry in the .ssh/config file and add the appropriate identity file.

Host mini 
    Hostname mini.local
    User user
    IdentityFile ~/.ssh/macmini.pvk
    IdentitiesOnly yes

Problem solved.
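
To make the `ssh -vv` check above repeatable, here is an added example (not part of the original post) that lists the key files the client offered and reports whether the intended one was among them. The sample log is constructed, and the script assumes the `Offering ... public key:` debug line format printed by OpenSSH clients and key paths without spaces.

```shell
#!/bin/sh
# Capture real output with:  ssh -vv mini.local 2> ssh-debug.log

# Constructed sample of client debug output (paths and fingerprints are made up).
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/user/.ssh/id_rsa RSA SHA256:constructed1 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/user/.ssh/work.pvk RSA SHA256:constructed2 agent
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

# Print one offered key path per line. Accepts both the newer
# "Offering public key: PATH TYPE FP" and older "Offering RSA public key: PATH" forms.
offered_keys() {
    sed -n -E 's/^debug1: Offering ([A-Za-z0-9-]+ )?public key: ([^ ]+).*$/\2/p'
}

# Exit 0 if the given key path (exactly as ssh prints it) was offered.
key_was_offered() {   # usage: key_was_offered /path/to/key < log
    offered_keys | grep -Fxq -- "$1"
}

# One-line verdict for a saved debug log read from stdin.
diagnose() {          # usage: diagnose /path/to/key < log
    log=$(cat)
    count=$(printf '%s\n' "$log" | offered_keys | wc -l | tr -d ' ')
    if printf '%s\n' "$log" | key_was_offered "$1"; then
        echo "ok: $1 was offered ($count key(s) tried)"
    else
        echo "missing: $1 never offered ($count other key(s) tried);" \
             "set IdentityFile and IdentitiesOnly yes for this host"
    fi
}

# Demo on the constructed log: the wanted key is absent, as in the post.
sample_log | diagnose /Users/user/.ssh/macmini.pvk
```

On a real machine, run it as `diagnose "$HOME/.ssh/macmini.pvk" < ssh-debug.log` before and after adding the `Host mini` entry.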