ssh Without a Password

Here's how to set up password-free ssh.  Work out any problems with passworded ssh before proceeding.

1. On the client machine, run "ssh-keygen -t rsa" (Note: Only do this if you don't have ssh without password connecting from this client to ANYWHERE.)
2. Copy your id_rsa.pub (or your identity.pub, or whatever you've named your public key) to the server as ~/.ssh/authorized_keys.  If you already have an authorized_keys, append your id_rsa.pub to that file.
3. On the server:
   • chmod 600 .ssh
   • chmod 600 .ssh/authorized_keys

UPDATE: It looks like something changed in the cygwin ssh and now ssh2 is the default. Consequently, if you have a keygen-generated a file named "identity", you need to rename the private key to be id_rsa (or you could "ln identity id_rsa").

UPDATE2: If you've checked your permissions and file contents, and everything looks right, but it keeps doing password authentication, try specifying the identify file to use via the command line. e.g.

1. ssh -i /path/to/identity username@remotehost

UPDATE3: Note that ssh uses your home directory as defined in /etc/passwd, and not an environment variable. Oddly, you can do "cd ~/.ssh" and end up in the directory which bash thinks is your home directory, and wind up with ssh looking for .ssh in a completely different directory. If UPDATE2 fixes your problem, fixing your /etc/passwd entry may help.

Tested with Cygwin ssh client, Ubuntu 9, and a few flavors of Solaris. This is basic stuff, so it should work with all Unix-like systems.

If you have set up public key authentication, and you want to force a particular ssh session to use password-based authentication, you can use the following:

• ssh -o PubkeyAuthentication=no user@remotehost

How it works: The ssh client encrypts a string with your private key. The ssh server decrypts it with your public key. Only things encrypted with your private key can be decrypted with your public key, so the server knows you're you.