--- /dev/null
+[[!meta title="Secure Shell"]]
+
+If you want to get anything done on a remote host, you use [SSH][].
+
+Password-less SSH
+-----------------
+
+Since I use SSH a lot, I've gone through the minimal effort required
+to setup password-less SSH between the computers on which I have
+accounts. Note that you should only keep private keys on computers
+that you trust (i.e. computers where you are the only admin).
+
+I don't end up typing these commands very often, so I've created a set
+of three simple scripts ([[ssh-key.sh]], [[ssh-remote.sh]], and
+[[ssh-prime.sh]]), since `ssh-<TAB>` is easier to remember than the
+commands themselves. With the scripts in your path, run:
+
+ $ ssh-key.sh
+
+to generate a SSH private/public keypair. Then run:
+
+ $ ssh-remote.sh me@remote.edu
+
+to configure your `remote.edu` account to allow passwordless logins
+from your new key. After each login, run:
+
+ $ ssh-prime.sh
+
+and enter your passphrase to start the SSH agent, and tell your shell
+about the agent with:
+
+ $ . /tmp/$(whoami)/.ssh/.ssh-agent-info-$(hostname)
+
+I usually prime the SSH agent right after I log in (before running
+[[screen]] or `startx`) to that new terminals come up knowing about
+the agent.
+
+Credits
+-------
+
+This sort of thing is the subject of innumerable websites, but due to
+the fluid nature of the web, they tend to disappear over time. Thanks
+to Ted Dustman (at the University of Utah in 2007) for his post (now
+missing). Still available related posts:
+
+* [Kristina Wanous and company at Debian Clusters][DC]
+
+[[!tag tags/linux]]
+
+[SSH]: http://en.wikipedia.org/wiki/Secure_Shell
+[DC]: http://debianclusters.cs.uni.edu/index.php/Password-less_SSH_for_Users
--- /dev/null
+#!/bin/bash
+#
+# Preate a public/private key for passwordless logins from the current
+# machine.
+#
+# usage: ssh-key.sh
+
+PRIVATE_KEY="$HOME/.ssh/id_rsa"
+CONFIG_FILE="$HOME/.ssh/config"
+HOST=$(hostname -f)
+
+echo "use a long and difficult-to-guess passphrase"
+ssh-keygen -t rsa -f "$PRIVATE_KEY" || exit 1
+cat > "$CONFIG_FILE" <<EOF
+Host $HOST
+ IdentityFile $PRIVATE_KEY
+EOF
+echo "run ssh-remote.sh to configure a remote host"
+echo "run ssh-prime.sh on each login to prime the agent"
+
+exit 0
--- /dev/null
+#!/bin/bash
+#
+# Creates an ssh-agent, writes ssh agent info
+# to the file
+#
+# /tmp/$(whoami)/.ssh-agent-info-$(hostname)'
+#
+# and then prompts user for passphrase(s). Then any shell can use the
+# agent by sourcing the info file:
+#
+# . /tmp/$(whoami)/ssh-agent-info-$(hostname)
+#
+# originally by Ted Dustman
+# http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
+
+USER=$(whoami)
+HOST=$(hostname)
+INFO_FILE="/tmp/$USER/.ssh/.ssh-agent-info-$HOST"
+PRIVATE_KEY="$HOME/.ssh/id_rsa"
+
+if [ ! -d "/tmp/$USER" ]; then
+ echo "making directory /tmp/$USER"
+ mkdir "/tmp/$USER" || exit 1
+ chmod 700 "/tmp/$USER" || exit 1
+fi
+
+if [ ! -d "/tmp/$USER/.ssh" ]; then
+ echo "making directory /tmp/$USER/.ssh"
+ mkdir "/tmp/$USER/.ssh" || exit 1
+ chmod 700 "/tmp/$USER/.ssh" || exit 1
+fi
+
+echo "priming agent"
+touch "$INFO_FILE" || exit 1
+chmod 600 "$INFO_FILE" || exit 1
+ssh-agent > "$INFO_FILE" || exit 1
+source "$INFO_FILE"
+ssh-add "$PRIVATE_KEY" || exit 1
+echo "use: . $INFO_FILE"
+echo "to enable the agent in your current shell"
+
+exit 0
--- /dev/null
+#!/bin/bash
+#
+# Set up keyed login to a remote host.
+#
+# usage: ssh-remote.sh [[uname@]remote_hostname
+
+if [ $# -ne 1 ]; then
+ echo "usage: ssh-remote [uname@]remote_hostname"
+ exit 1
+fi
+
+RHOST="$1"
+PUBLIC_KEY="$HOME/.ssh/id_rsa.pub"
+F=".ssh/authorized_keys"
+
+cat "$PUBLIC_KEY" | ssh $RHOST "touch $F; chmod 600 $F; cat >> $F"
+
+exit 0