Password free SSH (public key authentication)
Using SSH to connect to a remote computer is convenient, but it has a couple of drawbacks. One is that you have to type the password each time you connect, which is annoying in an interactive shell but unacceptable with a script, because you then need the password in the script. The other is that a password can be cracked. A long, complex, random password helps, but that makes interactive logins even more inconvenient. It's more secure to set SSH up to work with no passwords at all. First you need to set up a pair of keys for SSH, using ssh-keygen like this to generate an RSA key pair (change the argument to dsa for DSA keys).
This creates two files in ~/.ssh: id_rsa (or id_dsa) with your private key and id_rsa.pub with your public key. Now copy the public key to the remote computer and add it to the list of authorised keys with
Or do it remotely
OpenSSH Server Side Configuration
Make sure you have the following in sshd_config (/etc/ssh/sshd_config)
You can then log out of the SSH session and start it again. You will not be asked for a password (for the owner of ~ ONLY), although if you set a passphrase for the key you will be asked for that. Repeat this for each user and each remote computer.
"PasswordAuthentication no" causes SSH to refuse all connections without a key, making password-cracking impossible.
ssh-copy-id - install your public key in a remote machine's authorized_keys
ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.
Most likely failures are caused by bad ownership or modes (permissions) of the ~/.ssh folder and ~/.ssh/authorized_keys file on the OpenSSH Server side.
To troubleshoot ssh login issues, run sshd in the foreground
Connect from ssh client
NOTE: permissions for ~/.ssh and ~/.ssh/authorized_keys (strict is GOOD)
|Folder / File||Permission|
Example output, bad ownership or modes for the file ~/.ssh/authorized_keys => 0666
Fix it by changing modes to 0600.
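The check and the fix described above, as an added example that is not part of the original page: a small script to run on the server as the login user, reproducing the 0666 case on a constructed temporary directory. The function names check_ssh_perms and fix_ssh_perms are hypothetical, and 0700 for ~/.ssh is an assumption based on common practice.

```shell
#!/bin/sh
# Added example; check_ssh_perms / fix_ssh_perms are hypothetical helper names.

# Report anything sshd's StrictModes check would reject.
# $1 = .ssh directory to audit (default: ~/.ssh). Returns 1 if a problem is found.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for p in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1; continue
        fi
        # Group- or world-writable: another local user could append a key.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p (group/other write bit set)"; bad=1
        fi
        # Owner must be the login account itself or root.
        if [ -z "$(find "$p" -prune \( -user "$(id -u)" -o -user 0 \) -print)" ]; then
            echo "OWNER    $p (not owned by $(id -un) or root)"; bad=1
        fi
    done
    return "$bad"
}

# Apply the strict modes: 0700 on the directory, 0600 on authorized_keys.
fix_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    chmod 700 "$dir" && chmod 600 "$dir/authorized_keys"
}

# Demo on a constructed throwaway directory, reproducing the 0666 case.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && : > "$tmp/.ssh/authorized_keys"
    chmod 700 "$tmp/.ssh"; chmod 666 "$tmp/.ssh/authorized_keys"
    echo "before fix:"; check_ssh_perms "$tmp/.ssh" || echo "-> sshd would refuse this key file"
    fix_ssh_perms "$tmp/.ssh"
    echo "after fix:";  check_ssh_perms "$tmp/.ssh" && echo "-> clean"
    rm -rf "$tmp"
}
demo
```

sshd applies the same writable/owner test to the user's home directory, so a group-writable home can cause the same refusal even when ~/.ssh itself is clean.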
ssh or scp using an identity file
Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2.
Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). ssh will also try to load certificate information from the filename obtained by appending cert.pub to identity filenames.
Specify a passphrase when generating the key; it will be used to encrypt the private part of this file using 128-bit AES. When a login attempt is made, the private key id_rsa will be accessed and the passphrase will be required if one is set.
Contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key. ssh will read this file when a login attempt is made.
Contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to ~/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret.
A list of trusted public keys.
If you see the following error message when generating a new key pair
Please try to set SSH_AUTH_SOCK to 0 in the Terminal session and try again:
Otherwise, try logging out of the current X session and logging back in; it's a known bug.
OpenSSL generated key pairs
NOTE: OpenSSL-generated key pairs can also be used for public key authentication.
Use ssh -i to specify the private key (identity file) and connect to the ssh host, for example:
More on how to use OpenSSL to generate keypairs: Use OpenSSL to generate key pairs
NOTE: PEM => Privacy Enhanced Mail.
PuTTY - PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.