9.5.3 Connecting with fewer passwords – RSA

One can avoid having to remember a password for each remote system by using RSAAuthentication (SSH1 protocol) or PubkeyAuthentication (SSH2 protocol).

On the remote system, set the respective entries, "RSAAuthentication yes" or "PubkeyAuthentication yes", in /etc/ssh/sshd_config.

Then generate authentication keys locally and install the public key on the remote system:

     $ ssh-keygen          # RSAAuthentication: RSA1 key for SSH1
     $ cat .ssh/identity.pub | ssh user1@remote \
             "cat - >>.ssh/authorized_keys"
     ...
     $ ssh-keygen -t rsa   # PubkeyAuthentication: RSA key for SSH2
     $ cat .ssh/id_rsa.pub | ssh user1@remote \
             "cat - >>.ssh/authorized_keys"
     ...
     $ ssh-keygen -t dsa   # PubkeyAuthentication: DSA key for SSH2
     $ cat .ssh/id_dsa.pub | ssh user1@remote \
             "cat - >>.ssh/authorized_keys"

One can change the passphrase later with "ssh-keygen -p". Make sure to verify settings by testing the connection. In case of any problem, use "ssh -v".

You can add options to the entries in authorized_keys to limit hosts and to run specific commands. See sshd(8) for details.

Note that SSH2 has HostbasedAuthentication. For this to work, you must adjust the settings of HostbasedAuthentication to yes in both /etc/ssh/sshd_config on the server machine and /etc/ssh/ssh_config or $HOME/.ssh/config on the client machine.