What Jean-Yves suggested assumes that you already have started an ssh-agent.
This is really the preferred way
because you still leave your RSA keys passphrase protected, and yet only have to enter the phrase once until you end the shell where the agent is taking control of phrase exchange.
In case you haven't running an agent
(can be easily checked by looking for SSH* environment), for a Bourne compatible shell run
$ eval $(ssh-agent -s)
It should respond with showing its PID
e.g.
Agent pid 27938
but also it should have exported these variables to your shell's environment
$ env|grep SSH
SSH_AUTH_SOCK=/tmp/ssh-ivkBa27897/agent.27897
SSH_AGENT_PID=27938
Then you can check which RSA keys it has loaded
$ ssh-add -l
The agent has no identities.
Then ad lib ssh-add as many keys as you please
$ ssh-add .ssh/id_rsa
Identity added: .ssh/id_rsa (.ssh/id_rsa)
If your key is passphrase protected
this would be the time the agent asks once
and never again for the phrase.
As you can see, I have implemnted poor security with my key since I wasn't asked.
If you now repeat the ssh-add -l
the agent should show the fingerprint of the added key.
From now on, any ssh to any host where this key has been distributed should work without
being asked for pass phrases any more.
You can safely finish the agent by
ssh-agent -k
which ideally should be put in a trap on EXIT.
However, if you don't care so much about security (for instance scripts would require full batchmode, but those should be "protected" by command keys) you can at any time revoke the passphrase of a key by
$ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
Simply specify -N "" at above command.
But please, be aware of the consequences in doing so, and first think of all the hosts you have this key distributed to!
Is their environment really safe enough for passphrase-less keys?
Madness, thy name is system administration
