26.2 SSH authentication – password vs. SSH key
Because this server uses passwords for authentication, this command will then prompt me for my password.
An alternative to password authentication is using SSH keys.
Under this system, the host machine (say, your laptop, or the PEcAn VM) has to generate a public and private key pair (using the ssh-keygen
command).
The private key (by default, a file in ~/.ssh/id_rsa
) lives on the host machine, and should never be shared with anyone.
The public key will be distributed to any remote machines to which you want the host to be able to connect.
On each remote machine, the public key should be added to a list of authorized keys located in the ~/.ssh/authorized_keys
file (on the remote machine).
The authorized keys list indicates which machines (technically, which keys – a single machine, and even a single user, can have many keys) are allowed to connect to it.
This is the system used by all of the PEcAn servers (pecan1
, pecan2
, test-pecan
).