ssh uses a public key cryptosystem. That means that, among other
things, it can present a secret signed with your secret key, which
anyone can decrypt with your public key, in order to verify that you are
really who you say you are, assuming no one has stolen your private key.
There are two main ways of setting up ssh authentication in such a
way that you do not have to enter a password or passphrase to log into
machines, but without sacrificing security overmuch. You can set up ssh
keys without a passphrase, or you can set up ssh keys with a passphrase
and then use ssh agent to enter your passphrase automatically.
The method described here is how to generate passphraseless keys.
This method is well suited to using ssh for automation, for example,
from cron jobs.
What we're doing below, is generating a public+private keypair, and then
adding the public key to a file that lists public keys that are allowed
to ssh into the account the key is added to.
The specifics
srchost> ssh-keygen -t dsa # Note: this step is not necessary if ~/.ssh/id_dsa.pub already exists
srchost> # when ssh-keygen asks for a passphrase, just hit enter.
The other method is to generate ssh keys with a
passphrase, but use ssh agent to enter your passphrase
automatically. This method is better for interactive use, as you
don't need to be concerned as much about someone stealing your
private keys.
