How to configure passwordless login in Mac OS X and Linux


Once you set up a shell user and try to log in via SSH, you'll find you must enter your password each time. If you’d like to avoid entering your password every time, you can set up Passwordless Login. This way, you'll be able to automatically login each time immediately without needing to enter your password.

In this article, '' is used as the login example.

The following are instructions on how to set up Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.

These instructions can also be used to create and assign SSH keys to an admin/root user on a Dedicated Server.


Step 1 — Generating the key pair

On your home computer:

  1. Generate an RSA private key using ssh-keygen (unless you have already created one).
    • If you’re using Linux or Mac OS X, open your terminal and run the following command under your username:
    [local]$ ssh-keygen -t rsa
    This creates a public/private keypair of the type (-t) rsa.
    Generating a public/private rsa key pair.
    Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).

    If you click 'Enter', the key will be created with the default name of 'id_rsa'. You can name this anything you like, but if you choose a custom name, you'll need to let your SSH client know about the new key name. View Step #3 below for details.

    Also, if you choose to use a custom name, make sure to specify the full path to your user's .ssh directory. If you do not, the new key pair is created in the directory you're running the command.

    Once the keypair is created, you are prompted to enter the following items.
  2. Click Enter on your keyboard to continue.
    Enter a passphrase (leave empty for no passphrase).

    You do not need to enter a passphrase, but it's highly recommended as it protects your private key if compromised. If so, someone would still need your passphrase in order to unlock it.

    The exception to this is if you're running an automated process such as as cron job. You should then leave the password out. From ssh-copy-id:

    "Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes."
  3. Click Enter on your keyboard to continue.
    Enter same passphrase again:
  4. Click Enter on your keyboard to continue.
  5. When finished, click Enter on your keyboard.
    The following message appears:
    Your identification has been saved in /home/username/.ssh/id_rsa
    Your public key has been saved in /home/username/.ssh/
    The key fingerprint is:
    The key’s randomart image is:
    +--[ RSA 2048]----+
    | ..+**B.o++o     |
    |  . o+==o. o     |
    |    . .oo.=      |
    |      . +E+ .    |
    |        S .      |
    |                 |
    |                 |
    |                 |
    |                 |

Step 2 — Copying the public key you just created on your home computer to your DreamHost server


When using Linux you have two options. You can use ssh-copy-id or the instructions below for Mac OS X. Both work to copy the local public key to your DreamHost server.

  1. Copy the public key on your local computer to DreamHost's server by running the following command on your Linux machine.
    [local]$ ssh-copy-id -i ~/.ssh/

    If you get the error message "Too many arguments" make sure to check the command. The -i flag must be used.

    This command responds with the following:
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed == if you are prompted now it is to install the new keys's password:
  2. Enter your password and you'll see the following:
    Number of key(s) added: 1

    Now try logging into the machine, with: ssh and check to make sure that only the key(s) you wanted were added.

Mac OS X command

  1. Run the following command to copy the public key on your local computer to DreamHost's server.
    [local]$ cat ~/.ssh/ | ssh "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
    • This command assumes you do NOT already have an /.ssh directory under your DreamHost username. This command creates the /.ssh directory for you on your DreamHost server.
    • If you already have an /.ssh directory on your web server, just remove the mkdir ~/.ssh; section, while keeping the double quotes. For example, it will look like this:
      [local]$ cat ~/.ssh/ | ssh "cat >> ~/.ssh/authorized_keys"
    This command responds with the following:
    The authenticity of host ' (' can't be established.
    RSA key fingerprint is 50:46:95:5f:27:c9:fc:f5:f5:32:d4:3a:e9:cb:4f:9f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ',' (RSA) to the list of known hosts.'s password:
  2. Confirm the fingerprint in your panel on the SSH Keys page.
  3. Enter 'yes' to continue.
  4. Enter your ssh username password when prompted.

The commands above create a new folder under your DreamHost user named /.ssh with 755 permissions.

In that folder is your authorized_keys file which was just copied from your home computer which has 644 permissions. You must now run the following commands to update those permissions to further secure your keys.

[server]$ chmod 700 ~/.ssh
[server]$ chmod 600 ~/.ssh/authorized_keys

Step 3 — Adding your custom key to your ssh client

This step is only necessary if you gave your key a custom name in Step #1 above.

When creating your key pair, you choose what to name it. For example, the default name is 'id_rsa', but you can name it anything you like while creating it. However, if you choose a custom name, you'll need to let your SSH client know about the new key.

You do this by starting ssh-agent. Start ssh-agent by running the following command. Make sure you use the backquote ` character and not a single quote – this backquote character is usually on the top left of your keyboard on the tilde ~ key:

[local]$ eval `ssh-agent`

You can then run the following command (make sure to change customkey_rsa to your keyname):

[local]$ ssh-add ~/.ssh/customkey_rsa

You can then check to confirm it's been added by running the following:

[local]$ ssh-add -l
2048 aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd customkey_rsa (RSA)

It will respond with your private key's fingerprint. You can confirm that fingerprint by generating a fingerprint from your custom key's public file.

[local]$ ssh-keygen -l -f
2048 aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd user@server (RSA)

Step 4 — Confirming the SSH connection

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.

[server]$ ssh

You should now be able to log in without using a password.

Specifying a key pair for SSH to use

By default, your client will use the identity (private key) named ~/.ssh/id_rsa. However, if you've created more than one key, you can specify which one to use when connecting using the -i flag. For example:

[server]$ ssh -i ~/.ssh/customkey

Confirm the identity being used

You can confirm the identity (private key) you're using if you add the -v flag.

[server]$ ssh -v

This will display a lot of output, but you're looking for these lines to confirm which identity you're using.

debug1: identity file /home/username/.ssh/id_rsa type 1
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: Offering RSA public key: /home/username/.ssh/id_rsa

In this example, the id_rsa key is being used.

What if you have more than one key pair?

If you have more than one key, you'll need to add them all to ssh-agent. For example, if you have an id_rsa key in addition to a custom key, make sure you add both using ssh-add (as shown above). This will ensure that the 'Offering RSA public key' line above displays the correct key when connecting.


If you are not being automatically logged in, view the following article for possible solutions:

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?