First, install OpenSSH and OpenSSL on two UNIX servers, serverA and serverB. This works best using DSA keys and SSH2 by default as far as I can tell. All the other HOWTOs I've seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.

On each server type ssh someserver.example.com and make a connection with your regular password. This will create a .ssh dir in your home directory with the proper permissions. On your primary server where you want your secret keys to live (let's say serverA), type:

# ssh-keygen -t dsa

This will prompt you for a secret passphrase. If this is your primary identity key, use an empty passphrase (which is not secure, but the easiest to work with). If this works right, you will get two files called id_dsa and id_dsa.pub in your .ssh dir.

Copy the id_dsa.pub file to the other host's .ssh dir with the name authorized_keys2:

# scp ~/.ssh/id_dsa.pub serverB:.ssh/authorized_keys2

Now serverB is ready to accept your ssh key.

For a test, type:

# ssh serverB

This should let you in without typing a password or passphrase. Hooray! You can ssh and scp all you want and not have to type any password or passphrase.



If you found this useful, here's more on the same topic(s) in our blog:

• Measuring network throughput
• UNKNOWN_ user in /etc/security/failedlogin
• Nimadm
• Line numbers in VI
• mkpasswd