Below is the process required for setting up password-free sign in for “user” at a server called “foo.com”. I’ve added links to “Explain Shell” throughout so you can see an overview of what the commands and arguments do.
First, create your .ssh directory by issuing the command mkdir -m 700 -p ~/.ssh.
Second, create the keypair: ssh-keygen -t rsa -b 2048 -f ~/.ssh/foo.com
The filename (foo.com) can be anything you want, but it’s easiest to use a name that hints at which server you generated the keys for.
You’ll be prompted for a passphrase for the key. This isn’t required, but is recommended. You can generate and store your passphrase in your OS’s keychain manager. The Mac has Keychain. Linux offers KWallet or Seahorse. You can also use a password manager like 1Password. Keep in mind, though, that using a password manager will likely negate the “passwordless” bit of the process unless it has the kind of OS integration the aforementioned keychain managers have.
You’ll now have two key files in ~/.ssh: a private key called foo.com and a public key called foo.com.pub.
Next, you need to add the public key to the remote server to which you’d like to sign in. To do that, use the script ssh-copy-id. If you’re on a Mac, you need to first get that script via homebrew. Install brew, then run brew install ssh-copy-id.
Push the key up to foo.com by issuing the command ssh-copy-id -i ~/.ssh/foo.com.pub user@foo.com. When prompted for a password, use the password you normally use to sign on to the system, not your key’s passphrase.
To sign in to the remote system using the new keypair, use the command ssh -i ~/.ssh/foo.com user@foo.com (the -i option takes the private key, not the .pub file). The first time you do so, your OS will prompt you for the passphrase. Enter it, and allow your OS to save the passphrase to the keychain for passwordless log in.
Once the credentials have been added to the remote system, it’s handy to add the host, user, and key to your ssh config. Detailed instructions can be found on Nerderati.
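
The ssh config entry mentioned above, as an added example that is not from the original post: a small shell helper (add_ssh_host is a hypothetical name) that appends a Host block for foo.com pointing at the private key ~/.ssh/foo.com, and leaves the file alone if the block already exists. The IdentitiesOnly line is an extra choice made here, not something the walkthrough requires.

```shell
#!/bin/sh
# Added example: append a Host block for the key created above to an ssh
# config file, without duplicating it on repeated runs.
# add_ssh_host is a hypothetical helper name, not an OpenSSH tool.
# Usage: add_ssh_host CONFIG_FILE HOST USER PRIVATE_KEY_PATH
add_ssh_host() {
    cfg=$1 host=$2 user=$3 key=$4

    # Same directory mode as the mkdir step in the walkthrough.
    mkdir -m 700 -p "$(dirname "$cfg")" || return 1

    # Create the config file privately if it is missing, then pin its mode.
    [ -e "$cfg" ] || ( umask 077; : > "$cfg" ) || return 1
    chmod 600 "$cfg" || return 1

    # -x matches the whole line and -F treats the pattern as a fixed string,
    # so "Host foo.com" does not match "Host xfoo.com" or "Host foo.com.au".
    if grep -qxF "Host $host" "$cfg"; then
        return 0   # entry already present; leave the file untouched
    fi

    # IdentityFile is the private key (no .pub). IdentitiesOnly makes ssh
    # offer only this key to the server instead of every key the agent holds.
    cat >> "$cfg" <<EOF

Host $host
    HostName $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
EOF
}

# With the values from the walkthrough (ssh expands the leading ~ itself):
#   add_ssh_host "$HOME/.ssh/config" foo.com user "~/.ssh/foo.com"
# After that, "ssh foo.com" is enough; no -i or user@ needed.
```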