Get rid of the need to type in passwords in SSH connections using SSH public key authentication


Assuming the following machines:

A: your local node
B: the node you wish to be able to hop to without having to enter a password every time

… do the following:

old-style manual way

  1. On machine A: if the file ~/.ssh/ does not already exist, do a:
    ssh-keygen -t rsa
    … and copy the long single line that this file contains into your clipboard.
  2. On machine B: paste the line you placed into the clipboard at the end of the file ~/.ssh/authorized_keys (and make sure said file is readable). NB 1: make sure to add an end-of-line at the end, otherwise the file will be mangled if you try to add an additional key using the more automated way described below.

more automated way

Recently I did the following (source) and it worked like a charm, provided the ~/.ssh/authorized_keys file at the destination machine ends with an end-of-line character (0x0A in real operating systems). From the source machine:

ssh-copy-id -i  ~/.ssh/ youraccountname@destination.machine

update 2018 August

I used the following (also from the source machine):

cat ~/.ssh/ | ssh youraccountname@destination.machine "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
… as advised here. The advantage of this method is that it does not require the ssh-copy-id program to be installed on the source machine.
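
The end-of-line caveat mentioned above can be handled in the append step itself. The following is an added example, not part of the original post: a shell function (the name add_authorized_key is made up here) to run on the destination machine that appends one key line, terminates an unterminated last line first, and skips keys that are already present. The 700/600 permissions are an assumption based on OpenSSH's default StrictModes check, not values taken from the post.

```shell
#!/bin/sh
# Added example: append one public key line to an authorized_keys file safely.
# add_authorized_key and its arguments are illustrative names, not from the post.
# Usage: add_authorized_key "<public key line>" [path/to/authorized_keys]
add_authorized_key() {
    key=$1
    file=${2:-$HOME/.ssh/authorized_keys}
    dir=$(dirname "$file")

    # Refuse empty or multi-line input: one key is exactly one line.
    [ -n "$key" ] || { echo "empty key" >&2; return 1; }
    case $key in
        *"
"*) echo "key must be a single line" >&2; return 1 ;;
    esac

    # Create directory and file with owner-only access from the start.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir" && touch "$file"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return "$rc"

    # Already present as a whole line? Then there is nothing to do.
    if grep -qxF -- "$key" "$file"; then
        return 0
    fi

    # If the file is non-empty and its last byte is not 0x0A, terminate
    # the last line first so the new key is not glued onto the old one.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"

    # With StrictModes (the sshd default), keys are ignored when the file
    # or its directory is writable by group or others.
    chmod 700 "$dir" && chmod 600 "$file"
}
```

Calling it a second time with the same key leaves the file unchanged, so it is safe to re-run.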


  1. I have also encountered cases where it was necessary to do the following on machine B: … this is described in the source. Unless I applied those permissions, ssh would still ask me for a password.
  2. I have also encountered cases where public key authentication (referred to by the sysadmin people as "passwordless SSH") was disabled for "security reasons" (whatever). Apparently this is configured in the /etc/ssh/sshd_config file where, for instance, in my system, where I have SSH public key authentication enabled, one sees:
    PubkeyAuthentication yes
    BTW, it is actually considered a best practice to disable password-based authentication and only allow public key-based authentication, i.e. the exact opposite of what those admins are doing!