1. Verify that local-host and remote-host is running openSSH
[local-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
[remote-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
2. Generate key-pair on the local-host using ssh-keygen
[local-host]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
31:3a:5d:dc:bc:81:81:71:be:31:2b:11:b8:e8:39:a0 jsmith@local-host
The public key and private key are typically stored in .ssh folder under your home directory. In this example, it is under /home/jsmith/.sshd. You should not share the private key with anybody.
By default the ssh-keygen on openSSH generates RSA key pair. You can also generate DSA key pair using: ssh-keygen -t dsa command.
3. Install public key on the remote-host.
Copy the content of the public key from the local-host and paste it to the /home/jsmith/.ssh/authorized_keys on the remote-host. If the /home/jsmith/.ssh/authorized_keys already has some other public key, you can append this to the end of it. If the .ssh directory under your home directory on remote-host doesn’t exist, please create it.
[remote-host]$ vi ~/.ssh/authorized_keys
ssh-rsa ABIwAAAQEAzRPh9rWfjZ1+7Q369zsBEa7wS1RxzWR jsmith@local-host
In simple words, copy the local-host:/home/jsmith/.ssh/id_rsa.pub to remote-host:/home/jsmith/.ssh/authorized_keys
4. Give appropriate permission to the .ssh directory on the remote-host.
[remote-host]$ chmod 755 ~/.ssh
[remote-host]$ chmod 644 ~/.ssh/authorized_keys
5. Login from the local-host to remote-host using the SSH key authentication to verify whether it works properly.
[local-host]$
[local-host]$ ssh -l jsmith remote-host
Enter passphrase for key '/home/jsmith/.ssh/id_rsa':
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
No mail.
[remote-host]$
6. Start the SSH Agent on local-host to perform ssh and scp without having to enter the passphrase several times.
Verify whether SSH agent is already running, if not start it as shown below.
[local-host]$ ps -ef | grep ssh-agent
511 9789 9425 0 00:05 pts/1 00:00:00 grep ssh-agent
[local-host]$ ssh-agent $SHELL
[local-host]$ ps -ef | grep ssh-agent
511 9791 9790 0 00:05 ? 00:00:00 ssh-agent /bin/bash
511 9793 9790 0 00:05 pts/1 00:00:00 grep ssh-agent
7. Load the private key to the SSH agent on the local-host.
[local-host]$ ssh-add
Enter passphrase for /home/jsmith/.ssh/id_rsa:
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)
Following are the different options available in the ssh-add:
ssh-add
ssh-add -l: List all the key loaded in the ssh agent.
ssh-add -d
ssh-add -D: Delete all key
8. Perform SSH or SCP to remote-home from local-host without entering the password.
[local-host]$
[local-host]$ ssh -l jsmith remote-host
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
No mail.
[remote-host]$