How to Set Up a Password-less SSH Login
Setting up passwordless SSH logins is a great way to speed up connections to regularly accessed remote Macs and unix boxes. Because not all versions of Mac OS X include the ssh-copy-id command, you may have to use cat or scp to copy over your ssh key. This is how to set everything up, it only takes a minute or so.
First, on the local machine you will want to generate a secure SSH key:
Walk through the key generator and set a password, the key file by default goes into ~/.ssh/id_rsa
Next, you need to copy the generated key to the remote server you want to setup passwordless logins with, this is easily done with the following command string but you can use ssh-copy-id or scp if you’d prefer:
cat ~/.ssh/id_dsa.pub | ssh user@remotehost 'cat >> ~/.ssh/authorized_keys'
(Remember to replace “user@remotehost” with the appropriate username and remote IP address or domain of the server)
This command takes the generated SSH key from the local machine, connects to the remote host via SSH, and then uses cat to append the key file to the remote users authorized key list. Because this connects with SSH to the remote machine you will need to enter the regular ssh login password to use this command.
Finally, confirm that you can now login to the remote SSH server without a password:
Assuming initial setup went as intended, you will connect to the remote machine without having to log in. You can shorten the connection steps even further by creating an alias in bash_profile so that you are only required to type a short command to immediately connect to the specified remote server.
There are some obvious potential security risks with using ssh without a password, the best way to mitigate that is to lock down the client machine with lock screens for screen savers and sleep, using a lock screen keyboard shortcut when you leave a workstation unattended, and setting appropriate login passwords, and enable FileVault disk encryption, all of which you should be utilizing anyway. You can even go a step further and enable a firmware password.