SSH Key Authentication - Quick and Dirty User Howto

Why?

Security and convenience. It enables fast, secure login to remote hosts without a password, and without rlogin, telnet, or .rhosts.

How?

Assume, for this example, that you want to be able to log in as user "foo" on host "there.com" from host "here.com", and that you already have a password-based account on "there.com". In the real thing you would substitute your login id and the correct hostnames.

  1. Log in to "here.com" via ssh.

  2. Go to the .ssh directory:

    ~$ cd .ssh
  3. Run ssh-keygen

    .ssh$ ssh-keygen

    Note: If both "here" and "there" are running OpenSSH, or other software that speaks protocol 1.5/2.0 (running

    % ssh -V
    on both machines will tell you), you will need to specify the type of key, like this:

    .ssh$ ssh-keygen -t rsa
    If only "here" is running a protocol 1.5/2.0 mix, you will need to specify the type as
    rsa1 (because "there" would be running only protocol 1), like so:
    .ssh$ ssh-keygen -t rsa1

    Whether you use a passphrase depends on your system standards. If you use a passphrase, be sure to make a note of it someplace safe. If you do not use a passphrase, just hit enter when it asks for one.

  4. The ssh-keygen utility will generate two files: "identity" and "identity.pub" (or id_rsa and id_rsa.pub). You may wish to copy "identity.pub" (or id_rsa.pub) to "here.pub".

  5. Now scp (secure copy) the identity.pub (or id_rsa.pub) file to "there.com" as "here.pub".

    .ssh$ scp identity.pub foo@there.com:~foo/.ssh/here.pub

    It will ask you to enter your password for foo at there.com. After you enter your password, it should copy the file, and then indicate that it is done.

  6. Now ssh to "there.com", log in, and change to your .ssh directory.

    .ssh$ ssh there.com
    ...
    ~% cd .ssh
  7. Your "here.pub" file should be there. If it is, append it to the "authorized_keys" file.

    .ssh% cat here.pub >> authorized_keys

    Be sure to use ">>" (two greater-than signs) in order to append it to an existing file. If there is no "authorized_keys" file, create it by:

    .ssh% touch authorized_keys

    and then append your "here.pub" file to it.

  8. Make sure that the files in .ssh are writable only by you, on both machines, and non-executable by anyone.

    .ssh% chmod 644 *
      or 
    .ssh% chmod go-rw *

    Note that your private key ("identity" or "id_rsa") must also be readable only by you: ssh refuses to use a private key that other users can read, so for that file the second form is the one you want.
  9. Now exit from "there.com", and test whether you can ssh in to it without a password.
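Steps 5 through 8 above, as an added example script that is not part of this howto: it installs a public key file into authorized_keys with the directory and file modes OpenSSH wants, refuses a file that is not a single public key line, and skips a key that is already present. The sample key line and the paths are constructed.

```shell
#!/bin/sh
# Added example, not part of the original howto: steps 5 to 8 as a script,
# with the modes OpenSSH expects on ~/.ssh. Paths and the sample key are
# constructed; nothing here touches a real account.

# Constructed sample public key line: not real key material, only the shape
# of an id_rsa.pub line ("<type> <base64> [comment]").
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLEKEYONLYEXAMPLEKEYONLY== foo@here.com'

# pubkey_is_wellformed FILE: true if FILE is exactly one public key line,
# either protocol-2 style ("ssh-rsa AAAA... comment") or the protocol-1
# style written by ssh-keygen -t rsa1 ("<bits> <exponent> <modulus> comment").
# A shape check only; it does not prove the key material is valid.
pubkey_is_wellformed() {
    [ "$(wc -l < "$1" | tr -d ' ')" -eq 1 ] || return 1
    grep -Eq '^((ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*|[0-9]+ [0-9]+ [0-9]+)( [^[:space:]].*)?$' "$1"
}

# install_pubkey PUBFILE SSHDIR: append PUBFILE to SSHDIR/authorized_keys,
# creating the directory (0700) and file (0600) if needed, and skipping a
# key that is already present (exact line match). Returns 1 on a bad file.
install_pubkey() {
    pubfile=$1; sshdir=$2; ak=$sshdir/authorized_keys
    if ! pubkey_is_wellformed "$pubfile"; then
        echo "refusing: $pubfile is not a single public key line" >&2
        return 1
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$ak" && chmod 600 "$ak"
    if grep -Fxqf "$pubfile" "$ak"; then
        echo "key already in $ak, nothing to do" >&2
        return 0
    fi
    cat "$pubfile" >> "$ak"
}

# count_key_entries SSHDIR: number of lines in authorized_keys.
count_key_entries() { wc -l < "$1/authorized_keys" | tr -d ' '; }

# perms_ok SSHDIR: directory drwx------ and authorized_keys -rw-------,
# the usual modes, which also satisfy sshd's StrictModes check.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo on a throwaway directory; the second install is a no-op.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_PUBKEY" > "$demo_dir/here.pub"
install_pubkey "$demo_dir/here.pub" "$demo_dir/ssh"
install_pubkey "$demo_dir/here.pub" "$demo_dir/ssh"
```

On a real host the SSHDIR argument is ~foo/.ssh on "there.com", and the second run shows why an exact-line check matters: re-running `cat here.pub >> authorized_keys` by hand adds a duplicate entry every time.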

One point to remember: passphraseless login is convenient, but if you don't need it, it is a security risk. If you only need a passwordless login to run certain commands on a remote system, you might also want to take a look at the ssh tip from Nick.


Be sure to email me at lj @ laubenheimer.net if you have questions (remember to de-mung).