/***************************************************************/
/* Short note on how to use ssh or scp without being prompted  */
/* for a password.                                             */
/* By: Albert van der Sel                                      */
/***************************************************************/

Passwordless use of ssh/scp between two (or more) hosts:

1. Decide which user account to use (on all hosts), and log on to the
   local host with that account.

2. Generate a public/private key pair on the local machine:

   $ ssh-keygen -t dsa      (or 'ssh-keygen -t rsa')

   (rsa=protocol 1; dsa=protocol 2)

   In response, you should see:

      Generating public/private dsa key pair
      Enter file in which to save the key ...

   Press Enter to accept this.
   In response, you should see:

      Enter passphrase (empty for no passphrase):

   You don't need a passphrase, so press Enter twice.
   In response, you should see:

      Your identification has been saved in ...
      Your public key has been saved in ...

3. Note the name and location of the public key just generated.
   It always ends in .pub.

4. Change the permissions of the generated .pub file to 600, for example

   chmod 600 id_dsa.pub     (or 700)

   In effect, make sure that no group, or everyone (world), has any
   access to the file. On most implementations, that's really a
   critical requirement.

5. Copy the public key just generated to all of your remote boxes.
   You can use scp or FTP or whatever to make the copy.
   If you are logging in as a user, for example albert, you should copy
   it to "/home/albert/.ssh/authorized_keys".
   But (!) first check whether that file already exists. If the file
   already exists and contains text, you need to append the contents of
   your public key file to what is already there.

That should do the job. Now you can use statements like, for example

   albert@hosta:/tmp$> scp testfile albert@hostb:/tmp

without being prompted for a password.

If you want to do the same for scp from hostb to hosta, perform the same
steps again, but now of course with the server roles reversed.

Notes:

1. If it doesn't work, try changing the authorized_keys file name to
   authorized_keys2, or ask your system administrator which file name
   ssh is actually using.

2. The name of the target server must have been registered in the
   "known_hosts" file in the .ssh directory. This can be done with a
   regular (with password) ssh connection, and accepting the host
   "as known".

3. SSH protocol 2 is assumed in this procedure (it uses dsa keys).
   If your ssh configuration does not use this as the default, you may
   have to force it with the -2 option of ssh and scp.
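
Step 5 as a script, added here as an example and not part of the original note: it appends the public key to authorized_keys only if it is not already there, never overwrites existing entries, and sets owner-only permissions on the .ssh directory and the file. The function name install_pubkey and the file paths are assumptions.

```shell
# Added example, not from the original note. install_pubkey is a
# hypothetical helper; run it on the remote host after copying the .pub file.
# Usage: install_pubkey id_dsa.pub [path/to/authorized_keys]
install_pubkey() {
    pubfile=$1
    authfile=${2:-$HOME/.ssh/authorized_keys}
    sshdir=$(dirname "$authfile")

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Only the .pub half belongs in authorized_keys; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key, refusing" >&2
        return 2
    fi

    # With StrictModes on, sshd ignores keys whose directory or file is
    # writable by group or world, so create both with owner-only access.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    [ -e "$authfile" ] || ( umask 077 && : > "$authfile" ) || return 1
    chmod 600 "$authfile" || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
        echo >> "$authfile"
    fi

    # Append (never overwrite) each key line that is not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$authfile" || printf '%s\n' "$line" >> "$authfile"
    done < "$pubfile"
    return 0
}
```

Running it a second time with the same .pub file leaves authorized_keys unchanged.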