Setting Up SSH Keychain

March 31, 2026

Keychain is an amazing piece of software which brings together multiple password agents and allows for seamless integration with both interactive shells and shell scripts.

emerge -av keychain

If you've already set up your client ssh key and bashrc, you are set. You can exit the terminal session and log in again. You should be greeted with the following.

 * keychain 2.8.5 ~ http://www.funtoo.org
 * Inheriting ssh-agent (5883)
 * Adding 1 ssh key(s): /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa:

After entering your key's passphrase, you should see ssh-add: Identities added: /root/.ssh/id_rsa. You can then log in to your remote server using your private key without being asked for a password.

Setting up passwordless SSH for scripts

Sometimes you will want a script to run commands over SSH (rsync, for example). Once keychain is configured, you can add the following to your scripts to enable passwordless login.

# load the agent variables (SSH_AUTH_SOCK, SSH_AGENT_PID) that keychain wrote; these files hold no passwords
source ~/.ssh/.keychain/$HOSTNAME-sh
source ~/.ssh/.keychain/$HOSTNAME-sh-gpg # if using gpg

This is one of my favorite setups.
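
For the script case above, a wrapper that checks the keychain file and the agent before running the job. This is an added example, not code from the original post. The function names and the script name with-agent.sh are hypothetical, and the fallback to uname -n when $HOSTNAME is unset is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: wrapper for cron/batch jobs.
# Function names and the script name with-agent.sh are hypothetical.

# Sourcing executes the file, so accept it only if we own it and no one
# else can write to it.
load_agent_env() {
    f=$1
    [ -f "$f" ] && [ -O "$f" ] || { echo "agent file missing or not ours: $f" >&2; return 1; }
    case $(ls -ld "$f") in
        ?????w*|????????w*) echo "agent file is group/world-writable: $f" >&2; return 1 ;;
    esac
    unset SSH_AUTH_SOCK SSH_AGENT_PID   # never fall through to a stale value
    . "$f"                              # POSIX spelling of `source`
    [ -n "${SSH_AUTH_SOCK:-}" ]
}

# 0 = agent reachable with at least one key, 1 = reachable but empty,
# 2 = no usable socket (ssh-add -l uses the same 1/2 convention).
agent_status() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 2
    ssh-add -l >/dev/null 2>&1
}

# Run "$@" only when the agent can actually serve a key.
run_with_agent() {
    envfile=$1; shift
    load_agent_env "$envfile" || return 1
    agent_status || { echo "agent not running or no keys loaded; log in once to unlock" >&2; return 1; }
    "$@"
}

# Usage: with-agent.sh rsync -a -e 'ssh -o BatchMode=yes' src/ host:dst/
# BatchMode=yes makes ssh fail instead of waiting at a prompt nobody will answer.
if [ "$#" -gt 0 ]; then
    run_with_agent "$HOME/.ssh/.keychain/${HOSTNAME:-$(uname -n)}-sh" "$@"
fi
```

After a reboot the agent is empty until someone logs in and enters the passphrase, so a scheduled job run through this wrapper exits with status 1 instead of stalling.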