UPDATE: I changed ‘>’ (erase file, then write to file) to ‘>>’ (append to file). This avoids you overwriting your, or other peoples’, public keys.
Setting up password-less logins is both dangerous, and mighty. It allows one to authenticate to an OpenSSH server without typing in a password. Authentication is gained via knowledge of a private key.
Generate a Public/Private Key Pair
$> ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/felipe/.ssh/id_rsa): Enter passphrase (empty for no passphrase): <ENTER> Enter same passphrase again: <ENTER> Your identification has been saved in /home/felipe/.ssh/id_rsa. Your public key has been saved in /home/felipe/.ssh/id_rsa.pub. The key fingerprint is: d7:79:c3:01:ce:90:71:a2:a2:3d:83:26:fb:9a:1f:5b firstname.lastname@example.org
You will then find two files inside your directory. Keep them safe, secure, and secret. The public key (the one with .pub at the end) can be widely disemmindated. It represents the antonym of secrecy and privacy. The private key, however, must remain private and secret at all times.
Copy the PUBLIC key to a remote OpenSSH server
You must copy your public key to a remote host. The host will verify that you own the private key by encrypting a “challenge” and forcing your ssh client to decrypt it. If successful, you are authenticated, and admitted entrance. A password isn’t required.
$> cat /home/felipe/.ssh/id_rsa.pub | ssh email@example.com \ "cat - >> .ssh/authorized_keys" firstname.lastname@example.org's password: <PASSWORD>
This copies your public key the authorized_keys file (NB: authorized_keys2 is deprecated and no longer recommended for use. OpenSSH checks both).
‘logout’ or ‘exit’ and try:
$> ssh email@example.com
It should not ask you for a password. You should automatically be logged into the remote system.
Works with scp and rsync too!
‘scp’ and ‘rsync’ both use a ssh client at the backend, and so will also authenticate automatically utilising your public and private key pair. Try:
$> scp file_a firstname.lastname@example.org:file_b
This should transfer without pausing to ask for your password. Likewise try:
$> rsync -r /backups/2010/Jan email@example.com:/backups/2010
This should backup your entire directory to remote-host.com without pausing to ask for a password. You can put a line similar to this one in a shell script, and run it with cron once a week or so. It will automatically backup your system, using OpenSSH, and proven secure and safe method for authentication of human and machines across an untrusted public network, away from curious eyes.