9.5.3 Connecting with fewer passwords – RSA
One can avoid having to remember a password for each remote system by using
RSAAuthentication (SSH1 protocol) or PubkeyAuthentication (SSH2 protocol).
On the remote system, set the respective entries, "RSAAuthentication yes" or
"PubkeyAuthentication yes", in /etc/ssh/sshd_config.
Then generate authentication keys locally and install the public key on the
remote system:
$ ssh-keygen # RSAAuthentication: RSA1 key for SSH1
$ cat .ssh/identity.pub | ssh user1@remote \
"cat - >>.ssh/authorized_keys"
...
$ ssh-keygen -t rsa # PubkeyAuthentication: RSA key for SSH2
$ cat .ssh/id_rsa.pub | ssh user1@remote \
"cat - >>.ssh/authorized_keys"
...
$ ssh-keygen -t dsa # PubkeyAuthentication: DSA key for SSH2
$ cat .ssh/id_dsa.pub | ssh user1@remote \
"cat - >>.ssh/authorized_keys"
One can change the passphrase later with "ssh-keygen -p". Make sure to verify
settings by testing the connection. In case of any problem, use "ssh -v".
You can add options to the entries in authorized_keys to limit hosts and to
run specific commands. See sshd(8) for details.
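As an added example (not part of the original text), the shell function below, meant to be run on the remote system, prefixes a public key with the from= and command= options documented in sshd(8) and appends it to authorized_keys with the permissions sshd expects. The function name and the address and command shown in the usage comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: install a public key restricted to one source host and
# one forced command. add_restricted_key is a hypothetical helper name.
#
# Usage (constructed values):
#   add_restricted_key id_rsa.pub ~/.ssh/authorized_keys 192.0.2.10 /usr/bin/uptime
add_restricted_key() {
    pubkey_file=$1 auth_file=$2 from_pat=$3 forced_cmd=$4

    # A .pub file holds exactly one non-empty line: "type base64 comment".
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file") || return 1
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 1

    # Option values are double-quoted in authorized_keys. Refuse values
    # containing a quote or a newline rather than trying to escape them.
    case "$from_pat$forced_cmd" in
        *\"*) return 1 ;;
    esac
    [ "$(printf '%s' "$from_pat$forced_cmd" | wc -l)" -eq 0 ] || return 1

    # from=     accept this key only from matching client hosts
    # command=  run this command regardless of what the client requests
    # no-*      disable forwarding and terminal allocation for this key
    opts="from=\"$from_pat\",command=\"$forced_cmd\""
    opts="$opts,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
    entry="$opts $key"

    # sshd ignores authorized_keys if the file or its directory is
    # writable by others (StrictModes), so set tight permissions.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" || return 1
    chmod 700 "$auth_dir" || return 1

    # Do not append the same entry twice.
    if [ -f "$auth_file" ] && grep -qxF -e "$entry" "$auth_file"; then
        return 0
    fi
    ( umask 077; printf '%s\n' "$entry" >> "$auth_file" ) || return 1
    chmod 600 "$auth_file"
}
```

After installing the entry, test it as the text advises: a connection from any other host, or a request for a different command, should not give an interactive shell.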
Note that SSH2 has HostbasedAuthentication. For this to work, you must adjust
the settings of HostbasedAuthentication to yes in both /etc/ssh/sshd_config on
the server machine and /etc/ssh/ssh_config or $HOME/.ssh/config on the client
machine.