If you’ve dabbled with SSH much, for example by following the excellent
suso.org tutorial a few years ago, you’ll know about adding keys to allow
passwordless login (or, if you prefer, a passphrase) using public key
authentication. Specifically, you copy the public key
~/.ssh/id_dsa.pub off the machine from which you wish to connect into the
/.ssh/authorized_keys file on the target machine. That will allow you to open
an SSH session with the machine from the user account on the local machine to
the one on the remote machine, without having to type in a password.
tom@conan:~$ scp ~/.ssh/id_rsa.pub crom:.ssh/conan.pubkey tom@conan:~$ ssh crom Password: tom@crom:~$ cd .ssh tom@crom:~$ cat .ssh/conan.pubkey >>~/.ssh/authorized_keys
However, there’s a nice shortcut that I didn’t know about when I first learned
how to do this, which has since been added to that tutorial too — specifically,
ssh-copy-id tool, which is available in most modern OpenSSH distributions
and combines this all into one less error-prone step. If you have it available
to you, it’s definitely a much better way to add authorized keys onto a remote
tom@conan:~$ ssh-copy-id crom
Incidentally, this isn’t just good for convenience or for automated processes;
strong security policies for publically accessible servers might disallow
logging in via passwords completely, as usernames and passwords can be guessed.
It’s a lot harder to guess an entire SSH key, so forcing this login method will
reduce your risk of script kiddies or automated attacks brute-forcing your
OpenSSH server to zero. You can arrange this by setting
no in your
sshd_config, but if that’s
a remote server, be careful not to lock yourself out!