This topic shows how easily we can set up SSH between two systems so that we no longer need to type a password when logging in. In this example we have the user testuser and two servers, system1 and system2.
In the first step we need to generate an SSH key pair, for which we use the command ssh-keygen. Note that the command will ask us for a passphrase; this can be empty. With an empty passphrase the private key file is stored unprotected, so anyone who can read id_dsa can log in as testuser on system2.
    system1:~>
    system1:~> cd .ssh
    system1:~/.ssh>
    system1:~/.ssh>
    system1:~/.ssh> ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/testuser/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/testuser/.ssh/id_dsa.
    Your public key has been saved in /home/testuser/.ssh/id_dsa.pub.
    The key fingerprint is:
    4f:87:85:e1:24:77:ac:db:d8:51:d7:e5:9a:d5:25:47 [MD5] system1
    The key's randomart image is:
    +--[ DSA 1024]----+
    | . +.. ..E|
    | = +. .+=|
    | o... .+|
    | .o. + |
    | S o=..o |
    | oo.o |
    | . |
    | |
    | |
    +--[MD5]----------+
    system1:~/.ssh>
    system1:~/.ssh>
    system1:~/.ssh> ll
    total 8
    -rw------- 1 testuser users 672 Aug 20 15:49 id_dsa
    -rw-r--r-- 1 testuser users 607 Aug 20 15:49 id_dsa.pub
    system1:~/.ssh> cat id_dsa.pub
    ssh-dss AAAAB3NzaC1kc3MAAACBAL/tx4X2fodwBpkcNvTNcmQs4on2qI+ow8v/I15sGbqQiBEp0gtj3WYo5dlNEu/Tzwx9x/v350OeWULE1HkuJfp9fRWJrAVaMgr56FgAaZzx9nStCyLCDvmZAtHAOSbLkxGZWZK1sJXP5aYXus2nWlf9S+nR8b5qrsnjv6R7teOvAAAAFQDHcQvnqYAkCoSP3v+wwViEJ7uA6wAAAIEAu5ph0E7rXbcOnSdTyPSi6ZzF5/FDjMq3ZgMDv8Uj84E2ec5PbHb/oAzqMHWwne2ckgE6VMl7PiDm4ChNzgaHsbAe1poBNm4DaoJ5HnOPTdebm5y2AUXRc6AbDLluhLld5FQRkNW4ALkVcwATJBbaPpNAk8CF16HlfpSv/PxqbvUAAACBAJNK+HTGvAafQeypFOV4iPKHbJ1fDVOvmBdeB+uYbNVFndaxzrJuCR7xkuqvKIEI0Fm9E1PPtYto1HwJ7RZfIgAG4gGENY14TFFWTb8bP6QdoIyH+F/Vy8QdYoJU3o2VzSDVfgGNGbeACJwW254GNRsfX9FHWD9ld5MYi6wrmLSV system1
    system1:~/.ssh>
Once the key pair has been generated, we log in to server system2 and copy the generated public key, which is stored in the file id_dsa.pub, into the file ~/.ssh/authorized_keys.
    system1:~/.ssh>
    system1:~/.ssh> ssh system2
    The authenticity of host 'system2 (192.168.201.11)' can't be established.
    ECDSA key fingerprint is 10:b3:7b:32:94:89:3f:5e:44:81:96:e3:17:c5:6d:0a [MD5].
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'system2,192.168.201.11' (ECDSA) to the list of known hosts.
    Password:
    system2:~>
    system2:~>
    system2:~> cd .ssh/
    system2:~/.ssh>
    system2:~/.ssh> vi authorized_keys
    system2:~/.ssh>
Now we can log out and try to log in again, this time without being prompted for a password.
    system2:~/.ssh>
    system2:~/.ssh> logout
    Connection to system2 closed.
    system1:~/.ssh>
    system1:~/.ssh>
    system1:~/.ssh> ssh system2
    Last login: Wed Aug 20 15:49:36 2014 from system1
    system2:~>
    system2:~>
As we can see, the login completed without a password prompt, so we can conclude that our SSH key is working correctly.
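
The copy step above, done by hand in vi, is where this setup most often goes wrong: a wrapped or duplicated key line, or file modes that sshd refuses. The shell function below is an added example, not part of the original page; install_pubkey and its arguments are hypothetical names, and the key used in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey and its
# arguments are hypothetical names chosen for this illustration.
# Usage: install_pubkey <public-key-file> [ssh-dir, default ~/.ssh]
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/authorized_keys

    # Read the first line; tolerate a missing trailing newline.
    line=
    IFS= read -r line < "$pubkey_file" || [ -n "$line" ] || return 1

    # Split "<type> <base64> [comment]" and refuse anything else,
    # in particular a private key file passed by mistake.
    key_type=${line%% *}
    rest=${line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*|ssh-dss) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] && [ "$key_blob" != "$line" ] || return 1

    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on type and blob so a different comment is not a new key.
    if grep -qF -- "$key_type $key_blob" "$auth"; then
        echo "already present"
        return 0
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "added"
}

# Demo on constructed input in a scratch directory (not a real key).
demo_dir=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedBlobNotARealKey testuser@system1' > "$demo_dir/id.pub"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"
rm -rf "$demo_dir"
```

The function accepts ssh-dss because that is the key type this page generates. OpenSSH 7.0 and later disable ssh-dss by default, so on a current installation the same steps would use ssh-keygen -t ed25519.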