In addition to password authentication, ssh supports authentication based on public-key cryptography. Instead of typing a password, you authenticate to the remote computer by means of a special file that you might think of as a "key". Done correctly, this allows you to log in to remote machines without entering a password every time.
The first step for key-based authentication is generating a public/private key pair. This is a pair of files that together can be used to encrypt and decrypt data. One file is used for the encryption part of the process, and the other for decryption. Because of the way these keys are designed, they can be used to authenticate a user to a system.
To begin, you must generate your key pair. The command to do this is ssh-keygen. By default, with the -t dsa option, this will create two files, id_dsa and id_dsa.pub. The id_dsa.pub file is referred to as the public half of your key, and id_dsa is the secret half of your key.
Example B-1. Generating a key pair.
    $ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/caleb/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):passphrase
    Enter same passphrase again:passphrase
    Your identification has been saved in /home/caleb/.ssh/id_dsa.
    Your public key has been saved in /home/caleb/.ssh/id_dsa.pub.
    The key fingerprint is:
    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 caleb@athlonsmp
Although leaving the passphrase empty can make password-less logins easier, that is not the best approach. Without a passphrase, anyone who gets a copy of your id_dsa file could use it to impersonate you.
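As an added example (not part of the original page), the following Python check reports whether a private key file such as id_dsa is stored without a passphrase, by reading the file's header instead of trying to use the key. It assumes the two on-disk formats OpenSSH writes (legacy PEM and openssh-key-v1); the function names and the sample keys are constructed for illustration and contain no real key material.

```python
import base64
import struct
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"
LEGACY_LABELS = {"DSA PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def private_key_is_encrypted(pem_text: str) -> bool:
    """True if the private key file is passphrase-protected, False if stored in the clear."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") \
            or not lines[-1].startswith("-----END "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    body = lines[1:-1]
    if label in LEGACY_LABELS:
        # Legacy PEM (what an old id_dsa uses): encrypted keys carry RFC 1421 headers.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)
    if label == "OPENSSH PRIVATE KEY":
        # openssh-key-v1: magic, then a length-prefixed cipher name; "none" = no passphrase.
        blob = base64.b64decode("".join(body))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)
        return blob[off + 4:off + 4 + n] != b"none"
    raise ValueError(f"unsupported key type: {label}")


def _ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(b)) + b


def sample_openssh_key(cipher: bytes, kdf: bytes) -> str:
    """Constructed sample: header fields only, no real key material."""
    blob = OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed legacy-PEM samples (placeholder body, not real keys).
LEGACY_CLEAR = "-----BEGIN DSA PRIVATE KEY-----\nQUJDRA==\n-----END DSA PRIVATE KEY-----\n"
LEGACY_ENCRYPTED = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "QUJDRA==\n-----END DSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. ~/.ssh/id_dsa
        with open(path) as fh:
            state = "passphrase-protected" if private_key_is_encrypted(fh.read()) else "NO PASSPHRASE"
        print(f"{path}: {state}")
```

Run it with one or more private key paths as arguments; any file reported as NO PASSPHRASE can be used by whoever copies it.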