Introduction

I have multiple OS X (macOS Sierra) machines that need to be tied together seamlessly with multiple SSH server keys, where the servers keep changing. I would like to log in to any of my servers from any of my machines without thinking about transferring data between my personal computers. I will describe what is needed so you don’t need to carry around a thumb drive with all your private key files and a list of IP addresses or hostnames to memorize.

Disclaimer

This setup favors convenience over security, so make sure you protect your private key with a strong passphrase, as you will be storing your private key in your personal cloud. If your cloud server gets compromised and your private key’s passphrase is cracked, then it’s game over.

Requirements

  • multiple OS X machines
  • one or more servers with private/public key pairs established
  • ownCloud server
  • ownCloud client set up on your personal computers
  • some command line knowledge

Login Bash Script

First, we will need to make a bash script that will automate our logins. Instead of always typing

ssh -i ~/.ssh/privateKeyFile -p 2222 username@123.123.123.123

you can automate this with a bash script which I described here. Once the script is set up, all you have to do is run it and it will display a list of servers that you can connect to, and it will do the rest. Below is a modified snippet of the bash script. Modify it to your needs.

#!/bin/bash

# This script will ask which servers you
# would like to SSH into automatically

# IP Definitions for easier modification
# Assign IPs to variables (no spaces or dashes allowed):
HEAPGEEK=123.123.123.123
VPN=123.123.123.124

# So you can reference the script path from an alias
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Print the directions to the end user
clear
echo --- SSH Logins ----
echo Please select number from list below:
echo 1 heapgeek.com
echo 2 VPN

# Read the user input
read -r option
if [ "$option" = "1" ]
    then
        echo You have selected option 1
        echo Loading . . .
        sleep 2
        # Key path is anchored to the script directory so it resolves from an alias
        ssh -p 2022 -i "$DIR/privateKeyFile1" "joseph@$HEAPGEEK"
elif [ "$option" = "2" ]
    then
        echo You have selected option 2
        echo Loading . . .
        sleep 2
        ssh -p 2022 -i "$DIR/privateKeyFile2" "joseph@$VPN"
else
    echo Invalid Option
fi
sleep 3

Moving the Script and Private Keys to ownCloud

Now we will save the above script (tailored to our server configurations), named logins.sh, into our main local computer’s .ssh directory. We must also ensure that any referenced private/public key files are in the same .ssh directory. Finally, we will ensure that the permissions are set correctly on our script and private keys by doing a chmod 700 on our logins.sh script and a chmod 600 on our private key files.

We will next move the entire .ssh directory from our main local computer to the root directory of our ownCloud server by first making a .ssh folder, and then moving our script and key files.

mkdir ~/ownCloud/.ssh/

mv ~/.ssh/* ~/ownCloud/.ssh/

Notice above that I’m using absolute paths to my home directory. Modify this to your needs if your SSH keys or ownCloud root is located elsewhere.

Syncing Hidden Files

Next, we will need to open the ownCloud preferences on your main computer (and subsequent computers) and enable the Sync hidden files checkbox under ownCloud > Preferences > General > Edit Ignored Files > Sync hidden files.

After a bit, you will see a notification that those files have been synced. To make sure, we can open up the terminal on the second computer and do a ls -la within your root ownCloud directory and see the .ssh folder there.

Testing and Debugging Your Script

Finally, we can test and debug our script to ensure it works across computers. You can navigate to your newly synced .ssh directory and use the ./logins.sh command to invoke your script. If you get a permission denied error, you will need to ensure that read, write, and execute are set for your user (by running the chmod 700 logins.sh command discussed earlier). The same goes for our private keys: ensure they’re set to 600.

Once you get your script to run, if you get another error saying permission denied (public key), then that means that the path in your script pointing to your private key file is incorrect. If you have your private key in a different directory, then point your script to that path (ensuring the path is the same on the other machines too). Otherwise, keep your logins.sh and private key files under your ownCloud .ssh directory.
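The permission checks above, together with the passphrase requirement from the Disclaimer, can be run as one audit on each machine after the sync finishes. This is an added example, not part of the original script; the function names are hypothetical, and it assumes logins.sh and the key files sit in the same directory as described.

```shell
#!/bin/sh
# Added example: audit the synced key directory on each machine.
# Function names are hypothetical; layout (logins.sh + key files) follows the article.

# True if FILE's first line is a PEM/OpenSSH private-key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# True if FILE has exactly octal mode MODE (find -perm works on BSD and GNU).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# True if the key loads with an EMPTY passphrase, i.e. it is stored unprotected.
# ssh-keygen -y derives the public key; -P supplies the passphrase non-interactively.
lacks_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Repair modes in DIR, report findings, return the count of unprotected keys.
audit_ssh_dir() {
    dir=$1
    unprotected=0
    command -v ssh-keygen >/dev/null 2>&1 ||
        echo "warning: ssh-keygen not found, passphrase check skipped" >&2
    if [ -f "$dir/logins.sh" ] && ! has_mode "$dir/logins.sh" 700; then
        chmod 700 "$dir/logins.sh" && echo "fixed mode 700: $dir/logins.sh"
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        if ! has_mode "$f" 600; then
            chmod 600 "$f" && echo "fixed mode 600: $f"
        fi
        # Runs after the chmod: ssh-keygen refuses keys with group/other access.
        if lacks_passphrase "$f"; then
            echo "NO PASSPHRASE: $f"
            unprotected=$((unprotected + 1))
        fi
    done
    return "$unprotected"
}

# With a directory argument, audit it: sh audit.sh ~/ownCloud/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

A non-zero exit status is the number of keys that are sitting in the cloud folder without a passphrase; a file that cannot be parsed as a key at all is not counted.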

Simple Alias to your Script

If you don’t want to navigate to your ownCloud .ssh directory to run your logins.sh script, you can simply insert an alias into your .bash_profile file. Navigate to your home directory with cd ~/ and run ls -la to display all files within that directory, including hidden ones. You should see a file named .bash_profile, which you can edit in nano by running nano .bash_profile. In this file you can append this to the end:

alias DOlogin='~/ownCloud/.ssh/logins.sh'

Here DOlogin is the command you want to type to have instant access to your login script. You can name the alias anything, but make sure it doesn’t conflict with other built-in commands. Modify the path above to where your login script resides within your ownCloud installation. Once done, you will need to save and exit nano with CTRL-X… Y… Enter. Next you will need to tell the OS that you changed your profile, so run source .bash_profile. You will need to set up the alias individually on each machine that has ownCloud installed.

Conclusion

You have learned how to establish a universal SSH login script that will sync across multiple OS X ownCloud machines.