Tweet
I was helping a client setup ssh with public/private keys between two servers, so that they could use ssh, scp and sftp without having to enter passwords. This was primarily so that they could script a secure file transfer between the two servers. below are the steps taken to set everything up.
Note: the usernames and passwords have been changed, to ensure the systems remain secure. I've provided dummy keys below for reference.
First, we need to login to the client machine (the one that starts the ssh/scp/sftp connections) and create an ssh key pair. When it prompts for a password for the key, just press enter (don't enter one). While this does reduce the security of the implementation, it ensure that automated processes don't need passwords when connecting from client to server.
Next, we'll take a quick look at the ssh public key, just to see what it contains.
Once we've verified that it exists, we can copy it over to the server(s) that we want to login to without passwords.
Next, login to the server, so that we can put the ssh key into place.
Next, ensure the permissions of the authorized_keys* files are 644 - if they are more relaxed than this, OpenSSH will notice and you'll continue to get prompted for a password.
I like to verify the contents of the authorized_keys file, just in case 
Now, log back into the client machine and test it!
From this point on, you can ssh, scp and sftp into the server without a password.
Note: the usernames and passwords have been changed, to ensure the systems remain secure. I've provided dummy keys below for reference.
First, we need to login to the client machine (the one that starts the ssh/scp/sftp connections) and create an ssh key pair. When it prompts for a password for the key, just press enter (don't enter one). While this does reduce the security of the implementation, it ensure that automated processes don't need passwords when connecting from client to server.
Code:
freddy:~ cwplough$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/cwplough/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/cwplough/.ssh/id_dsa. Your public key has been saved in /home/cwplough/.ssh/id_dsa.pub. The key fingerprint is: 23:30:5d:45:c5:37:27:38:7e:66:2a:46:59:15:3a:f8 [email][email protected][/email]
Code:
freddy:~ cwplough$ cd .ssh freddy:~/.ssh cwplough$ more id_dsa.pub ssh-dss AAAsd3NzaC1kc3MAAACBAMTf2OqoiHQ3kJlYp2mxr7fAYQ6VdkOVTR0G3lEgXQItJ/sRA478djd938V0FtjCyZ9jIFb0GBXJnUa+rWU1moQWciMwc7cHuWh3Iana4CuDBG1oCUEAgdg10t7EKse3OMLBk+4hGQVIgfkdkd+seGtYb62kRZsJMN/RGAJBta49JAAAAFQCN72UA0+ms1Tn7aqtfxTwYUts0twAAAIEAki82UN5KS5sKOmhagEwjVBbHGVjJb/badkldkdvmTVyCHWOxbmIWy8XyWguBZlowqjz5wibIM6N4Fj4XI7Z3zuXCXnEpvvlYeS4fpBzwGZ7pUA83qXxh3QZ0YP+NvSv8Xe7jw2+Kq7KVtgK0UN1dEuBtUl2Tbwr9jFLoAzbi6DgIAAACBAJ3gBqdFoCJ1KCo/jjkGzrkvp4N1B0qVGh2u7D0DtZqhAhULHEfmUdjdjQ4ZfnNsD2ZKvjFVMzZQQsKMFXD98mXJ5qvS8lPJ6KcZHfZdpp4y5iWAg/WqnU8HbroQKN9vt/HJ6xqQ5hATCrNYvswNgcWfS9wsdfsdfssdU9FPkJxaT [email][email protected][/email]
Code:
freddy:~/.ssh cwplough$ scp id_dsa.pub [email][email protected][/email]:~/
Code:
cwplough@ginger [~]# mkdir .ssh #if the directory already exists, you can skip this step. cwplough@ginger [~]# cat id_dsa.pub >> .ssh/authorized_keys cwplough@ginger [~]# cd .ssh cwplough@ginger [~/.ssh]# ln -s authorized_keys authorized_keys2
Code:
cwplough@ginger [~/.ssh]# chmod 644 authorized_keys*
Code:
cwplough@ginger [~/.ssh]# cat authorized_keys ssh-dss AAAsd3NzaC1kc3MAAACBAMTf2OqoiHQ3kJlYp2mxr7fAYQ6VdkOVTR0G3lEgXQItJ/sRA478djd938V0FtjCyZ9jIFb0GBXJnUa+rWU1moQWciMwc7cHuWh3Iana4CuDBG1oCUEAgdg10t7EKse3OMLBk+4hGQVIgfkdkd+seGtYb62kRZsJMN/RGAJBta49JAAAAFQCN72UA0+ms1Tn7aqtfxTwYUts0twAAAIEAki82UN5KS5sKOmhagEwjVBbHGVjJb/badkldkdvmTVyCHWOxbmIWy8XyWguBZlowqjz5wibIM6N4Fj4XI7Z3zuXCXnEpvvlYeS4fpBzwGZ7pUA83qXxh3QZ0YP+NvSv8Xe7jw2+Kq7KVtgK0UN1dEuBtUl2Tbwr9jFLoAzbi6DgIAAACBAJ3gBqdFoCJ1KCo/jjkGzrkvp4N1B0qVGh2u7D0DtZqhAhULHEfmUdjdjQ4ZfnNsD2ZKvjFVMzZQQsKMFXD98mXJ5qvS8lPJ6KcZHfZdpp4y5iWAg/WqnU8HbroQKN9vt/HJ6xqQ5hATCrNYvswNgcWfS9wsdfsdfssdU9FPkJxaT [email][email protected][/email]
Code:
freddy:~ cwplough$ sftp [email][email protected][/email] sftp>