How to configure passwordless login in Mac OS X and Linux

Once you set up a shell user and try to log in via SSH, you'll find you must enter your password each time. If you’d like to avoid entering your password every time, you can set up Passwordless Login. This way, you'll be able to automatically login each time immediately without needing to enter your password.

In this article, 'username@server.dreamhost.com' is used as the login example.

The following are instructions on how to set up Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.

STEP ONE – Generating the key pair

On your home computer:

  1. Generate an RSA private key using ssh-keygen (unless you have already created one).
    • If you’re using Linux or Mac OS X, open your terminal and run the following command under your username:
    [local]$ ssh-keygen -t rsa
    This creates a public/private keypair of the type (-t) rsa.
    Generating a public/private rsa key pair.
    Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).
    

    If you click 'Enter', the key will be created with the default name of 'id_rsa'. You can name this anything you like, but if you choose a custom name, you'll need to let your SSH client know about the new key name. View Step #3 below for details.

    Once the keypair is created, you are prompted to enter the following items.
  2. Click Enter on your keyboard to continue.
    Enter a passphrase (leave empty for no passphrase).

    You do not need to enter a passphrase, but it's highly recommended as it protects your private key if compromised. If so, someone would still need your passphrase in order to unlock it.

  3. Click Enter on your keyboard to continue.
    Enter same passphrase again:
  4. Click Enter on your keyboard to continue.
  5. When finished, click Enter on your keyboard.
    The following message appears:
    Your identification has been saved in /home/username/.ssh/id_rsa
    Your public key has been saved in /home/username/.ssh/id_sra.pub
    
    The key fingerprint is:
    ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be username@server.dreamhost.com
    
    The key’s randomart image is:
    
    +--[ RSA 2048]----+
    | ..+**B.o++o     |
    |  . o+==o. o     |
    |    . .oo.=      |
    |      . +E+ .    |
    |        S .      |
    |                 |
    |                 |
    |                 |
    |                 |
    +-----------------+
    

STEP 2 – Copying the public key you just created on your home computer to your DreamHost server

Linux

When using Linux you have two options. You can use ssh-copy-id or the instructions below for Mac OS X. Both work to copy the local public key to your DreamHost server.

  1. Copy the public key on your local computer to DreamHost's server by running the following command on your Linux machine.
    [local]$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@server.dreamhost.com
    

    If you get the error message "Too many arguments" make sure to check the command. The -i flag must be used.

  2. This command responds with the following:
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed == if you are prompted now it is to install the new keys
    username@server.dreamhost.com's password:
    
  3. Enter your password and you'll see the following:
    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'username@server.dreamhost.com'" and check to make sure that only the key(s) you wanted were added.

Mac OS X command

  1. Run the following command to copy the public key on your local computer to DreamHost's server.
    [local]$ cat ~/.ssh/id_rsa.pub | ssh username@server.dreamhost.com "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
    
    • This command assumes you do NOT already have an /.ssh directory under your DreamHost username. This command creates the /.ssh directory for you on your DreamHost server.
    • If you already have an /.ssh directory on your web server, just remove the 'mkdir ~/.ssh;' section, while keeping the double quotes. For example, it will look like this:
      [local]$ cat ~/.ssh/id_rsa.pub | ssh username@server.dreamhost.com "cat >> ~/.ssh/authorized_keys"
  2. This command responds with the following:
    The authenticity of host 'server.dreamhost.com (208.113.136.55)' can't be established.
    RSA key fingerprint is 50:46:95:5f:27:c9:fc:f5:f5:32:d4:3a:e9:cb:4f:9f.
    Are you sure you want to continue connecting (yes/no)? yes
    
    Warning: Permanently added 'server.dreamhost.com,208.113.136.55' (RSA) to the list of known hosts.
    
    username@server.dreamhost.com's password:
    
  3. You can confirm the fingerprint in your panel on the (Panel > 'Users' > 'SSH Keys') page.
  4. Enter 'yes' to continue.
  5. Enter your ssh username password when prompted.

The commands above create a new folder under your DreamHost user named /.ssh with 700 permissions.

In that folder is your authorized_keys file which was just copied from your home computer which has 600 permissions.

STEP 3 – Adding your custom key to your ssh client.

This step is only necessary if you gave your key a custom name in Step #1 above.

When creating your key pair, you choose what to name it. For example, the default name is 'id_rsa', but you can name it anything you like while creating it. However, if you choose a custom name, you'll need to let your SSH client know about the new key by running the following command (make sure to change customkey_rsa to your keyname):

[local]$ ssh-add ~/.ssh/customkey_rsa

STEP 4 – Confirming the SSH connection

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.

[server]$ ssh username@server.dreamhost.com

You should now be able to log in without using a password.

Troubleshooting

If you are not being automatically logged in, view the following article for possible solutions:

See also

Did this article answer your questions?

Article last updated PST.