Below is the process required for setting up password-free sign in for “user” at a server called “foo.com”. I’ve added links to “Explain Shell” throughout so you can see an overview of what the commands and arguments do.
First, create your .ssh directory by issuing the command mkdir -m 700 -p ~/.ssh.
Secondly, create the keypair:
ssh-keygen -t rsa -b 2048 -f ~/.ssh/foo.com
The filename (foo.com) can be anything you want, but it’s easiest to use a name that hints at which server you generated the keys for.
You’ll be prompted for a passphrase for the key. This isn’t required, but is recommended. You can generate and store your passphrase in your OS’s keychain manager. The Mac has Keychain. Linux offers KWallet or Seahorse. You can also use a password manager like 1Password. Keep in mind, though, that using a password manager will likely negate the “passwordless” bit of the process unless it has the kind of OS integration the aforementioned keychain managers have.
You’ll now have two key files in ~/.ssh: a private key called foo.com and a public key called foo.com.pub.
Next, you need to add the public key to the remote server to which you’d like to sign in. To do that, use the script ssh-copy-id. If you’re on a Mac, you need to first get that script via brew, then run brew install ssh-copy-id.
Push the key up to foo.com by issuing the command ssh-copy-id -i ~/.ssh/foo.com.pub user@foo.com. When prompted for a password, use the password you normally use to sign on to the system, not your key’s passphrase.
To sign into the remote system using the new keypair, use the command ssh -i ~/.ssh/foo.com user@foo.com (note that -i takes the private key, not the .pub file). The first time you do so, your OS will prompt you for the passphrase. Enter it, and allow your OS to save the passphrase to the keychain for passwordless log in.
Once the credentials have been added to the remote system, it’s handy to add the host, user, and key to your ssh config. Detailed instructions can be found on Nerderati.
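One way to do that last step, as an added example (not code from this post or from Nerderati): a shell function that appends a Host block for the server to an ssh client config, keeping the file owner-only and refusing a .pub path as the identity. The function name add_ssh_host, the alias "foo" and the default config path ~/.ssh/config are assumptions made for the example.

```shell
#!/bin/sh
# Added example: record host, user and key in an ssh client config file so
# that "ssh <alias>" picks the right identity without -i on the command line.

add_ssh_host() {
    alias_name=$1   # name typed after "ssh", e.g. foo (hypothetical alias)
    host_name=$2    # real server name, e.g. foo.com
    user_name=$3    # remote account, e.g. user
    key_file=$4     # PRIVATE key path (no .pub suffix)
    config=${5:-$HOME/.ssh/config}   # assumption: default client config path

    # ssh needs the private key as its identity; refuse the public half.
    case $key_file in
        *.pub) echo "IdentityFile must be the private key, not $key_file" >&2
               return 2 ;;
    esac

    # Same mode the post uses for ~/.ssh; the config file stays owner-only.
    mkdir -m 700 -p "$(dirname "$config")" || return 1
    ( umask 077 && touch "$config" ) || return 1
    chmod 600 "$config" || return 1

    # Idempotent: leave an existing "Host <alias>" block untouched.
    if grep -q "^Host[[:space:]][[:space:]]*$alias_name[[:space:]]*\$" "$config"; then
        return 0
    fi

    # IdentitiesOnly stops ssh from offering every other key it can find.
    cat >> "$config" <<EOF

Host $alias_name
    HostName $host_name
    User $user_name
    IdentityFile $key_file
    IdentitiesOnly yes
EOF
}

# Usage with the names from the post:
#   add_ssh_host foo foo.com user ~/.ssh/foo.com
#   ssh foo
```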