You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don’t want to enter any passwords, because you want to call ssh from a within a shell script.
How to do it
First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory ‘/home/a/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh
Finally append a’s new public key to b@B:.ssh/authorized_keys and enter b’s password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B ‘cat >> .ssh/authorized_keys’
From now on you can log into B as b from A as a without password:
a@A:~> ssh b@B
A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:
Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640
Make sure the permissions on the ~/.ssh directory and its contents are proper. When I first set up my ssh key auth, I didn’t have the ~/.ssh folder properly set up, and it yelled at me.
Your home directory ~, your ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote machine must be writable only by you: rwx—— and rwxr-xr-x are fine, but rwxrwx— is no good¹, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
If ~/.ssh or authorized_keys is a symbolic link, the canonical path (with symbolic links expanded) is checked.
Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you’ll need it to be also writable (600) if you will add any more keys to it.
Your private key file (on the local machine) must be readable and writable only by you: rw——-, i.e. 600.