I wrote recently about using Subversion over SSH. A minor annoyance with that setup is the need to enter your system password at least once, and sometimes multiple times depending on the action you are taking. There are also times when a remote system needs to access another system via a cronjob or other automated operation. On top of that, some people are just lazy and hate typing a password. Setting up passwordless SSH is quick and painless.
These instructions are designed for UNIX-like systems. Please remember that a
$ is used to signify a shell prompt and should not be typed.
Generate RSA keys on the client side. This is as easy as issuing a
ssh-keygencommand and hitting enter several times. Remember to hit enter without entering a password when prompted (otherwise, you'll have to use that password instead of your system password!).
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/slap/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/slap/.ssh/id_rsa.
Your public key has been saved in /Users/slap/.ssh/id_rsa.pub.
The key fingerprint is:
The key bit of data is in the
id_rsa.pubfile in the
.ssh/id_rsa.puband copy to clipboard. Pretty straightforward,
cat .ssh/id_rsa.pub(assuming you are in your home directory) and copy it to your clipboard via your system's normal method.
SSH into the server.This uses the boring old password method. This should be the last time for that!
.ssh/authorized_keysand assign permissions. You can create the file with
touch .ssh/authorized_keys. The SSH server daemon is very particular about the permissions of this file. If the permissions are too loose, it won't read the keys inside and you'll have to keep using your password. Make the file readable and writable only by you via
chmod 600 .ssh/authorized_keys.
Add the public key to
.ssh/authorized_keys. Finally, use your favorite text editor to add the key information you copied to your local system's clipboard to the
.ssh/authorized_keysfile. In the case of an RSA key, you should have three elements on one line.
And that's it. From now on, you should be able to
slogin into this system without entering a password. You'll need to repeat the steps for each client you want to log in from in this manner.