Solutions Log by Dan Reiland

28 Jan 09

Setting up public key authentication over SSH

Generate key on local machine

ssh-keygen -t rsa

It will ask you for a passphrase, but you can leave it blank. A blank passphrase leaves the private key unencrypted on disk.

Note you could also pick -t dsa if you prefer.

Ensure that the remote server has a .ssh directory

Make sure the server you're connecting to has a .ssh directory in your home directory. If it doesn't exist, you can run the ssh-keygen command above on the server, and it will create one with the correct permissions.

Copy your local public key to the remote server

If your remote server doesn't have a file called ~/.ssh/authorized_keys2, the command below will create it. If that file already exists, you need to append your key to it instead, because the command below would overwrite it:

scp ~/.ssh/id_rsa.pub remote.server.com:.ssh/authorized_keys2

Now ssh to the remote server

Now you can ssh to the remote server without entering your password.

Security

If you are unable to log in without being prompted for a password, it is likely the result of improper permissions on .ssh/ and its children. SSH is picky about permissions; to fix the problem, ssh to the remote server and issue the following command:

chmod -R 700 .ssh/

Keep in mind that all someone needs to log in to the remote server is the file ~/.ssh/id_rsa on your local machine, so make sure it is secure.
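As an added example (not part of the original post), this shell function appends a public key to the authorized-keys file instead of overwriting it, skips a key that is already installed, and sets the permissions on .ssh/ discussed above. The function name install_pubkey and the demo key are constructed for illustration; authorized_keys2 is the file name used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the remote server after
# copying the public key there under a temporary name.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR] [AUTH_FILE_NAME]
install_pubkey() (
    # Subshell body: umask and variables do not leak into the caller.
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/${3:-authorized_keys2}"   # file name used in the post

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 1; }

    # A public key is exactly one non-blank line. This also rejects a private
    # key (id_rsa) passed by mistake, since that file spans many lines.
    n=$(grep -c '[^[:space:]]' "$pubkey_file" || true)
    [ "$n" -eq 1 ] || { echo "expected one key line, found $n" >&2; exit 1; }
    key=$(grep '[^[:space:]]' "$pubkey_file")

    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    if grep -qxF -- "$key" "$auth_file"; then
        echo "key already present in $auth_file"
        exit 0
    fi
    # If the last existing entry lacks a trailing newline, add one so the new
    # key is not glued onto it.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
    echo "key appended to $auth_file"
)

# Constructed demo: a throwaway directory stands in for the remote ~/.ssh.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY user@laptop\n' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run changes nothing
rm -rf "$demo_dir"
```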

Reference: http://www.petefreitag.com/item/532.a

11 Jan 09

Remove SSL key file pass-phrase

Sometimes you may want to remove the pass-phrase from your SSL key file. A specific use case is a web server (Apache, Cherokee, etc.) where you do not want to be prompted to enter the pass-phrase each time the server starts. Prompts like these can get in the way of automated system procedures.

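Removing the pass-phrase is simple. The command below overwrites the key file in place with an unencrypted copy, so the file should afterwards be readable only by root: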

root# openssl rsa -in www.yourdomain.com.key -out www.yourdomain.com.key

Reference: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
