Setup for transparent SSH with iTerm and AppleScript

I use my MacBook as my main machine from which I access daily a number of servers that I use for development, experimentation, and maintenance. Since I do all my job from the terminal, I end up using SSH extensively. One major issue I have encountered is that SSHing different servers entails (i) having a mental map of which terminals correspond to which machines, and (ii) the overhead of introducing a SSH line immediately after opening a new terminal window. Although this can be mitigated by merely using zsh’s substring history search, aliases, etc., I found it easier to offload the responsibility to my muscle memory. In this post, I will describe my setup which, after over a month of being in production, has proved to make my life easier.

The first step is dropping passwords and using ssh keys. Not only does this free you from entering your password every single time, but it dramatically increases the security of your remote machine. This is done by generating a new pair of keys, setting a password for them (if you feel like it), sending then to the remote machine, and eventually disabling password access.

First, generate the public and private keys. Note that introducing a password is optional:

$ mkdir ~/.ssh; mkdir ~/.ssh/ssh
$ ssh-keygen -t rsa -f ~/.ssh/ssh/$KEYNAME -C $USERNAME@$MAIL

Second, send the public key to the remote machine:

$ scp ~/.ssh/ssh/$ $REMOTEUSER@$REMOTEMACHINE_IP:~/.ssh

Third, you SSH your remote machine and set the public key you just sent in your authorized_keys. Once in the remote machine:

$ cat ~/.ssh/$ >> ~/.ssh/authorized_keys; rm ~/.ssh/$

Finally, disable password access (optional):

$ sudo vi /etc/ssh/sshd_config
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Once this is in place, you can set aliases to the hosts you use frequently (I personally do this with every machine I access remotely):

vi ~/.ssh/config

And add an entry per remote machine:

IdentityFile ~/.ssh/ssh/$KEYNAME

Now you can access the machine by simply:


If you added a password to the ssh key pair you will be promoted for it. At this point, you can add the password to your keychain and you will not be required to introduce it again.

It is now that iTerm2 profiles come handy. You can create a new profile in iTerm > Preferences. Here, you simply introduce the SSH line to the command entry. You can also define a shortcut. However, iTerm limits the shortcut definition We will see afterwards a better approach to this.

Screen Shot 2015-04-16 at 20.44.18

Using AppleScript it is very simple to open an application and pass it parameters. In the case of iTerm, it is possible to use AppleScript to open a re window/tab and load a profile:

tell application "iTerm"
  tell (make new terminal)
    launch session "uHalley"
  end tell
end tell"

If you use a framework that allows you to manage shortcuts or fast access to scripts such Hammerspoon or Mjolnir ( even Alfred could be forced here, but it my view is not as good as one of the other two for this specific purpose), you can integrate the AppleScript with it and add a shortcut. I personally add Hammerspoon, so in this case (My Hammerspoon configuration can be found in my GitHub):

function loadItermProfile()
    "tell application \"iTerm\" \
       activate \
       tell (make new terminal) \
         launch session \"uHalley\" \
       end tell \
     end tell"

hotkey.bind(cmdshift, 'N', function() loadItermProfile() end)

This way, if I press CMD-n a new “local” terminal window opens; if I press CMD-Shift-n a “remote” terminal window opens (to uHalley in this case). You can add as many profiles and shortcuts as you want, thus delegating the memorizing to your fingers.

Finally, I always show the name of each machine in the prompt so that they are easy to recognize. You can see my zsh configuration inside YADR also in my GitHub. It is also possible to use different color schemes per profile so that you can visually recognize the terminals. I do not do this; the prompt has proved to be more than enough. Besides, I always use salaried.

Enjoy! :)\


One thought on “Setup for transparent SSH with iTerm and AppleScript

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s