Here’s how to set up password-free ssh. Work out any problems with passworded ssh before proceeding.
- On the client machine, run "ssh-keygen -t rsa" (Note: Only do this if you don't have ssh without password connecting from this client to ANYWHERE.)
- Copy your id_rsa.pub (or your identity.pub, or whatever you've named your public key) to the server as ~/.ssh/authorized_keys. If you already have an authorized_keys, append your id_rsa.pub to that file. If you have no other authorized_keys, the command will be something like:
- scp ~/.ssh/id_rsa.pub username@hostname:.ssh/authorized_keys
- On the server:
UPDATE: It looks like something changed in the cygwin ssh and now ssh2 is the default. Consequently, if you have a keygen-generated a file named "identity", you need to rename the private key to be id_rsa (or you could "ln identity id_rsa").
UPDATE2: If you've checked your permissions and file contents, and everything looks right, but it keeps doing password authentication, try specifying the identify file to use via the command line. e.g.
- chmod 700 .ssh
- chmod 600 .ssh/authorized_keys
- On the client, run "ssh yourId@yourServer" and it should login without a password.
UPDATE3: Note that ssh uses your home directory as defined in /etc/passwd, and not an environment variable. Oddly, you can do "cd ~/.ssh" and end up in the directory which bash thinks is your home directory, and wind up with ssh looking for .ssh in a completely different directory. If UPDATE2 fixes your problem, fixing your /etc/passwd entry may help.
Tested with Cygwin ssh client, Ubuntu 9, and a few flavors of Solaris. This is basic stuff, so it should work with all Unix-like systems.
If you have set up public key authentication, and you want to force a particular ssh session to use password-based authentication, you can use the following:
- ssh -i /path/to/identity username@remotehost
How it works: The ssh client encrypts a string with your private key. The ssh server decrypts it with your public key. Only things encrypted with your private key can be decrypted with your public key, so the server knows you're you.
- ssh -o PubkeyAuthentication=no user@remotehost