How to set up ssh so you aren't asked for a password
You can create an RSA authentication key to be able to log into a remote site from your account, without having to type your password.
Note that once you've set this up, if an intruder breaks into your account/site, they also gain access to the sites you are allowed into without a password! For this reason, this should never be done from root.
- Run ssh-keygen(1) on your machine, and just hit enter when asked for a password.
  This will generate both a private and a public key. With older SSH versions, they will be stored in ~/.ssh/identity and ~/.ssh/identity.pub; with newer ones, they will be stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
- Next, add the contents of the public key file into ~/.ssh/authorized_keys on the remote site (the file should be mode 600).
If you are a developer and you want to access debian.org systems with such a key, it's possible to have the developer database propagate your key to all of the debian.org machines. See the LDAP gateway documentation.
You should then be able to use ssh to log in to the remote server without being asked for a password.
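The second step can be scripted so that it is safe to repeat. The function below is an added example, not part of the original page: `install_pubkey` and its arguments are hypothetical names, and the list of accepted key types is an assumption. It is meant to be run on the remote site, refuses a private key handed over by mistake, appends the public key only once, and enforces mode 700 on ~/.ssh and mode 600 on authorized_keys.

```shell
# Added example (not from the original page).
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # The private key must never leave your machine: refuse it outright.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # A public key file holds exactly one non-empty line: "type base64 comment".
    key=$(grep -v '^[[:space:]]*$' "$pub" || true)
    [ $(printf '%s\n' "$key" | wc -l) -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # assumed set of key types
        *) echo "unrecognised key type in $pub" >&2; return 3 ;;
    esac

    # Create the directory and file without group/other access, then
    # tighten the modes in case they already existed with looser ones.
    (umask 077 && mkdir -p "$dir" && touch "$auth") || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Copy only the .pub file to the remote site before calling the function there, for example `install_pubkey id_rsa.pub`.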
Important: Note that everyone that has read access to the private key file can use it to have the same passwordless access to the remote site. This includes any person that has root access to your local machine. Therefore it's strongly recommended that you use a passphrase for your private key if you are not the only root on your machine. You can use ssh-agent(1) and ssh-add(1) to type your passphrase only once for all uses of a specific key in a session. You can automatically load all your keys in the agent by adding the following lines to your ~/.xsession file:
    # if use-ssh-agent is specified in /etc/X11/Xsession.options
    # (this is the default) then you need only the second line
    # eval $(ssh-agent)
    ssh-add <filename-of-ssh-key>
The ssh-askpass package must be installed in order to run ssh-add without a terminal.