Linux/Mac OS X: Allow ssh access to server without requiring password.
1) Generate a new key (the -f command -f ~/.ssh/access gives it an optional name, -C allows for a comment):
xtian@desktop$ ssh-keygen -C commont_or_purpose -d Generating public/private dsa key pair. Enter file in which to save the key (/home/xtian/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xtian
/.ssh/id_dsa. Your public key has been saved in /home/xtian
/.ssh/id_dsa.pub. The key fingerprint is: 33:3c:5c:41:98:1b:fc:f5:9e:69:56:2e:0b:f1:24:7fxtian
-d option specifies DSA keys (instead of RSA keys). The
ssh v2 protocol uses DSA keys, and is widely regarded as more secure than v1.
* After entering the command, hit enter three times (to take the default filename, and to enter no passphrase.)
* Congratulations. Your public and private keys are now saved to
2) Copy the key to your Web server:
@desktop$ scp ~/.ssh/id_dsa.pub www.stonescape.net:.ssh/authorized_keys2
* At this point, if you've never used ssh from your OS X box before, you'll be prompted to verify the fingerprint of the server's key. Answering "yes" will save the server's fingerprint in a local cache. Should the fingerprint ever change, ssh (and scp) will sound an alarm, as this could be an indication of a man-in-the-middle attack in progress.
* You will be prompted for your password on the Web server. Enter it, and the key file will be copied.
3) Modify the key to your Web server:
xtian@desktop$ ssh stonescape.net
xtian@server$ cd .ssh
xtian@server$ cat id_dsa.pub >> authorized_keys2
xtian@server$ rm backup.pub
* You will be prompted for your password on the Web server.
4) Test the
@stonescape$ ssh www.stonescape.net login: Mon Oct 29 10:58:32 2001 from desktop.stonescape.comxtian
* It should log you in without a password. If not, check your work. Also check that your Web server allows public key exchange (it's on by default, and is rarely disabled. Check with your friendly local sysadmin if you're not sure.)