This process involves two steps:
- Generating a public authentication key
- appending it to the remote hosts’ authorized_keys file.
Generate Authentication Key
If an SSH authentication key does not already exist on the client, generate one by running the ssh-keygen command. When prompted for a passphrase, use a blank passphrase if fully password-less login is desired:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
| o +.=.+|
| . +. .o* .o|
| . o.oo .=o=.o|
| . +S..o *oB.|
| . . . * =o=|
| . o o..o|
| . . .o |
| E. oo |
Copy the Public Key to the Remote Host
Use the ssh-copy-id command to install the public half of the new authentication key to the remote host. The ssh-copy-id command will automatically append the identity information into the ~/.ssh/authorized_keys file for the specified user on the remote host. It will create the authorized_keys file if necessary.
#ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'email@example.com'" and check to make sure that only the key(s) you wanted were added.