For this you required to generate your own personal set of private/public pair. ssh-keygen is used to generate that key pair for you.
On the user’s home directory, on the localhost, type
[local-host]$ ssh-keygen -t dsa
This will ask you a passphrase. A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Once entered the passphrase you will be prompted to enter the same passphrase again for confirmation.
The private key was saved in .ssh/id_dsa and the public key .ssh/id_dsa.pub.
Now, copy the public key to the remote machine
[local-host]$ scp .ssh/id_dsa.pub user@remote:~/.ssh/id_dsa.pub
Now, login into the remote machine and go to the .ssh directory on the server side
[local-host]$ ssh user@remoteNow, add the client’s public key to the known public keys on the remote machine.
[remote-host]$ cd .ssh
[remote-host]$ cat id_dsa.pub >> authorized_keys2
[remote-host]$ chmod 640 authorized_keys2
[remote-host]$ rm id_dsa.pub
[remote-host]$ exit
Now on the localhost machine, on GNOME select System > Preferences > Sessions.
Select Startup Programs and add a new entry with this command.
eval `ssh-agent`
ssh-agent is a program that used together with OpenSSH or similar ssh programs provides a secure way of storing the passphrase of the private key.
Open terminal and run ssh-add without any arguments, it will ask your passphrase once.
ssh-add adds identities to the authentication agent, ssh-agent.
[local-host]$ ssh-add
Enter passphrase for /home/dipin/.ssh/id_dsa:
Identity added: /home/dipin/.ssh/id_dsa (/home/dipin/.ssh/id_dsa)
NB: No one else must see the content of .ssh/id_dsa, as it is used to decrypt all correspondence encrypted with the public key.
Original post: http://segfault.in/2008/12/ssh-login-without-password/
Comments