First, on the local machine:
$ ssh-keygen -t rsa
This creates an SSH key pair. You should only do this once, and you only need to do it if you want to set your own password to use with your SSH key (ssh-keygen calls this a passphrase). Here are some good reasons to set a password with your SSH key:
- If someone steals your key files, they can't use them.
- Your password will be stored in the Mac OS X Keychain (like so many others), so you usually won't even have to enter it.
- Passwords make life a little bit safer.
Once you've made your keys, you can take a look in your ssh directory to see them:
$ ls ~/.ssh/
authorized_keys
config
id_rsa
id_rsa.pub
known_hosts
In this directory, the two files we care about are id_rsa and id_rsa.pub. id_rsa is your private key. You should leave it where it is, and never share it with anyone. id_rsa.pub is your public key. This is the key you'll add to other computers, and they will match their copy of your id_rsa.pub file against your id_rsa key when you connect. authorized_keys is a list of keys from other computers' id_rsa.pub files; a remote machine accepts logins from the keys listed there. To add your public key to a remote machine's authorized_keys in one command:
$ cat ~/.ssh/id_rsa.pub | ssh user@remotehost 'cat >> ~/.ssh/authorized_keys'
You'll have to log in using your normal ssh password in order to do this command, but once you do that, you should be good to go. Please remember to use >> so that you append your key to the list of authorized keys, and not >, as that will overwrite all of the keys on the remote machine.
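The append step above, as an added example that is not part of the original page: a hypothetical helper, add_key, that does the same append but refuses a private key file, skips a key that is already listed, and sets the permissions sshd expects. The function name and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. add_key is a hypothetical helper.
# Usage (on the remote machine): add_key id_rsa.pub ~/.ssh/authorized_keys
# Returns 0 if the key was appended, 1 if it was already listed,
# 2 if the input file is not a public key.
add_key() {
    pub=$1
    auth=$2

    # Private keys start with a "-----BEGIN ..." line; never install one.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1) || true
    if [ -z "$key" ]; then
        echo "no public key found in $pub" >&2
        return 2
    fi

    # With StrictModes (the default), sshd ignores authorized_keys when the
    # file or its directory is writable by other users.
    dir=$(dirname "$auth")
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$auth"
    chmod 600 "$auth"

    # Compare on "<type> <base64>" only, so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 1
    fi

    # If the file does not end in a newline, add one first so the new key
    # is not glued onto the last existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```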
In your .ssh directory, there is a file named config, which sets up your SSH preferences. This file allows you to store default hostnames, usernames and command line options for connecting to certain hosts. Here's an example:
Host ucolick
  HostName ssh.ucolick.org
  User myusername
  ForwardX11 yes
  Port 22
Directives like ForwardX11 are useful, as they automatically apply the equivalent of the ssh -X option whenever you connect to that host. For this configuration, I can connect with the command
$ ssh ucolick
And if I've set up my ssh keys correctly, I won't even need a password.
If you log on to a host a lot, you might want to try the program screen. It will allow you to save your state on the remote machine, so that when you log in, you'll see the same terminal commands and state that you had open before. It also allows you to disconnect from your remote host, and the remote host will continue running the programs you started. To launch screen, you can just type screen on the command line. However, there are some conventions that might be helpful.
First, I set up the following command to log onto a remote ssh host, and reconnect to a screen there.
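#!/usr/bin/env bash
# Usage: rscreen HOST [extra screen arguments]
dest=$1
shift
# -t forces a terminal (screen needs one); -dRR reattaches, detaching or creating a session as needed
ssh -t "$dest" screen -dRR "$@"
To use this script, save it as rscreen, make it executable and put it on your PATH, then simply run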
$ rscreen ucolick
from your local machine in order to connect to a screen on your remote computer.
On my remote machines, I also have the following in a ~/.screenrc file to make my screen a little nicer:
hardstatus on
hardstatus alwayslastline
startup_message off
hardstatus string "%{= kG}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "
shell -$SHELL
deflogin on