To implement RSA authentication under ssh so that the user is not continually asked prompted for a remote-host password when using
scp, or any programs using ssh underneath such as
svn do the following.
- Create a public/private RSA key pair. This will be used for RSA authentication. When generating this RSA key pair don’t enter a passphrase otherwise you will always be prompted for it.
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/fkim/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/fkim/.ssh/id_rsa. Your public key has been saved in /home/fkim/.ssh/id_rsa.pub. The key fingerprint is: 2a:59:54:3f:82:8f:79:92:1d:39:7b:62:02:68:97:e6 fkim@paltp1235 $ cd .ssh $ chmod 400 id_rsa id_rsa.pub
- Copy the public RSA key to the remote host.
$ scp -p ~/.ssh/id_rsa.pub email@example.com:~/ Password: id_rsa.pub 100% 396 0.4KB/s 00:00
- ssh to the remote host and create an .ssh directory if it does not already exist.
$ ssh firstname.lastname@example.org Password: [box ~]$ mkdir .ssh [box ~]$ chmod 755 .ssh
- Append the public RSA key to the list of authorized keys.
[box ~]$ cat id_rsa.pub >> .ssh/authorized_keys2 [box ~]$ chmod 644 .ssh/authorized_keys2
- Log out and log back in to verify that you no longer need to enter your password.
$ ssh email@example.com [box ~]$
Note if this does not work it is sometimes because the ssh client cannot find the id_rsa file. It looks for it normally where it keeps the known hosts file. On most systems this is the default location for where it writes the id_rsa file. On one system I found that it was looking for the id_rsa file in
In some cases RSA authentication will not work and you will need to use DSA authentication. This article, SSH Logins Without Providing A Password, gives a good description of how to do this. The instructions are quite similar.