This document describes the procedure to setup "ssh" to allow a user to login to a remote machine without requiring a password. This procedure assumes that "ssh" is installed and operational, and the user performing this procedure has an identical username on each machine involved in this process.

Generate the public/private keys

As the user you want to be able to login without entering a password, generate the pubic/private keys using the "ssh-keygen" utility. For this first example, do not enter a passphrase. The next example will illustrate how to use the passphrase.

$ ssh-keygen  -t  rsa
            

Copy the public key to the remote location

Copy the public key, generated from the previous command, to the remote location using the "scp" utility (or the utility of your choice). The public key will exist in the home directory of the user under the subdirectory ".ssh" and will have the filename "id_rsa.pub". This file should be copied to the remote location to the ".ssh" subdirectory under the users home directory, and have the remote filename of "authorized_keys2". Before copying the file, set the permissions of the file to "644". In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.

$ chmod  644  ~/.ssh/id_rsa.pub
$ scp  ~/.ssh/id_rsa.pub  ${REMOTEMACHINE}:.ssh/authorized_keys2
            

Test the password-free login

The password-free login setup is complete and can be tested using "ssh" or any other secure remote command. In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.

$ ssh  ${REMOTEMACHINE}
            

This next example illustrates the use of the "passphrase" with the "ssh-keygen" utility. This technique requires the user to enter a "passphrase" when a command is executed initially, but then automatically performs authentication to remote machines. So once the initial passphrase is entered, the user can execute as many remote commands as they wish without entering a password.

Generate the public/private keys

As the user you want to be able to login without entering a password, generate the pubic/private keys using the "ssh-keygen" utility. You will be asked to enter a "passphrase" and to verify that "passphrase". Enter a value you wish to use.

$ ssh-keygen  -t  rsa
            

Copy the public key to the remote location

Copy the public key, generated from the previous command, to the remote location using the "scp" utility (or the utility of your choice). The public key will exist in the home directory of the user under the subdirectory ".ssh" and will have the filename "id_rsa.pub". This file should be copied to the remote location to the ".ssh" subdirectory under the users home directory, and have the remote filename of "authorized_keys2". Before copying the file, set the permissions of the file to "644". In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.

$ chmod  644  ~/.ssh/id_rsa.pub
$ scp  ~/.ssh/id_rsa.pub  ${REMOTEMACHINE}:.ssh/authorized_keys2
            

Create an alias (optional)

Create an alias that will execute a command under the control of the "ssh-agent". The command to be executed should be a command that will allow the user to execute other commands, such as a shell or X-Windows. The following example uses the Korn Shell.

$ alias ssh-ksh="ssh-agent /usr/bin/ksh"
            

Execute a command under control of "ssh-agent"

Execute a shell command or X-Windows under control of the ssh-agent. Then add your passphrase to the list of known identities using the "ssh-add" utility. You will be prompted to enter your "passphrase". The following example assumes you created the alias in the previous step.

$ ssh-ksh
$ ssh-add
  Enter passphrase? <enter your passphrase here>
            

Execute remote commands

The password-free login setup is complete and can be tested using "ssh" or any other secure remote command. In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.

$ ssh  ${REMOTEMACHINE}