Linux admin on 27 Nov 2007
Set up automatic ssh login on two Linux machines
This is a simple proof-of-concept setup. It shows you how to set up an automatic ssh shell login from one Linux machine to another. For a detailed description of the whole concept, read the man pages of ssh and ssh-keygen or search the web.
Scenario:
Imagine you have a Linux machine at home called CLIENT and another Linux machine called SERVER at a remote location such as your office. From CLIENT, you want to simply run the command “ssh username@server” and be logged in to SERVER without being asked for a password.
CLIENT machine setup
Use the following simple steps to create a public/private key pair with an empty pass phrase.
- Log in as the user you want to automatically log in to the remote SERVER, and start in that user's home directory.
- Run this command: “ssh-keygen -t dsa”. When asked for a pass phrase and some other information, just hit the ENTER key to accept the default value. The default value is empty.
- When the process finishes, two files will be created in the ~/.ssh/ directory. Usually, they are called id_dsa and id_dsa.pub.
- Now, you may need to move these two files out of the ~/.ssh directory because they may prevent you from using ssh or scp to reach the remote SERVER machine.
- Next, scp the id_dsa.pub file to the remote SERVER machine. Then move the id_dsa and id_dsa.pub files back to the ~/.ssh directory.
- That is all you need to do on the CLIENT machine.
SERVER Setup
- Log in to the SERVER machine as the user. You should have the file you copied with scp from the CLIENT machine, called “id_dsa.pub”.
- Go to the ~/.ssh directory. Look for a file called “authorized_keys”. If it is not there, you can create one using the touch command: touch authorized_keys. Some documentation I read mentions that creating a file named authorized_keys2 will also work.
- Now, copy the content of id_dsa.pub into authorized_keys and save the authorized_keys file.
- Now you can test ssh from the CLIENT machine to SERVER. You should be able to log in to SERVER without typing a password.
Some notes
If it does not work for some reason, do the following.
- Check the file owner of id_dsa.pub. It must be created by the owner of the account, not root. This is true on both the CLIENT and SERVER machines.
- Make sure the content of the authorized_keys file does not have empty lines at the beginning or the end of the file.
- Sometimes, copying by highlighting in the shell does not work properly. You can use vi's read command to read the id_dsa.pub file into authorized_keys.
- You can choose either the dsa or the rsa algorithm for the public/private key pair.
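
The checks from the notes above, as an added shell example that is not part of the original post. The function names check_authorized_keys and make_samples are hypothetical, the sample key blobs are constructed placeholders, and the file-mode check goes beyond the post (it assumes sshd's StrictModes option, which is on by default).

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit an authorized_keys file
# for the problems listed under "Some notes".
KEYTYPES='^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$'

# Prints one line per finding; returns 0 if the file is clean, 1 otherwise.
check_authorized_keys() {
    local f=$1 out
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    out=$(
        # Note 1: the file must belong to the account owner, not root.
        [ -O "$f" ] || echo "owner: not owned by $(id -un)"
        # Assumption beyond the post: with StrictModes, sshd also refuses
        # key files that are group- or world-writable.
        [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ] ||
            echo "mode: group/world writable, run chmod 600"
        # Note 2: blank lines. Note 3: a key split by terminal copy/paste
        # leaves a continuation line that carries no key type.
        awk -v types="$KEYTYPES" '
            /^[ \t]*$/ { print "line " NR ": blank line"; next }
            /^[ \t]*#/ { next }
            { ok = 0
              for (i = 1; i < NF; i++)
                  if ($i ~ types && $(i+1) ~ /^[A-Za-z0-9+\/]+=*$/) ok = 1
              if (!ok) print "line " NR ": no key type (wrapped paste?)" }
        ' "$f"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# Constructed sample data: the base64 blobs are placeholders, not real keys.
# Runs in a subshell so the umask change does not leak to the caller.
make_samples() (
    umask 077
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER user@CLIENT\n' > "$1/good"
    printf '\nssh-dss AAAAB3NzaC1kc3MAAACB\nAPLACEHOLDER user@CLIENT\n\n' > "$1/bad"
)

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_authorized_keys "$demo_dir/good" && echo "good: clean"
check_authorized_keys "$demo_dir/bad" || echo "bad: findings listed above"
```

On the SERVER machine, run it against the real file with check_authorized_keys ~/.ssh/authorized_keys while logged in as the account owner.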