SSH/SCP without a password

Here are some links:

Steps to create and distribute RSA key

#generate the keys for whomever is logged on (use a passphrase)
ssh-keygen -t rsa
#copy public key to target machine
ssh-copy-id -i ~/.ssh/
#make sure that the following permissions are in place at both ends:
chmod 700 .ssh
chmod 600 .ssh/*
chmod +r  .ssh/*.pub

Strategies for Key Automation

  1. Use -i option in rsync to load key
    The key is dynamically loaded via the -e “ssh -i filename ...” mechanism. Simple and clean.
    See Troy at:
    Note that Troy has the best security solution for rsync at the receiving end.
  2. Use a .ssh/config file
    All the information to make a connection is stored in the .ssh/config file, including the port number for ssh. Very convenient and easy to manage.
    See Dean at:…up/unattended.html
  3. Use ssh-agent and ssh-add to load the key
    A little bit cumbersome as one script has to call another.
    See Rimu at:…yncbackup.jsp
  4. Use keychain to manage keys
    This is theoretically the strongest since it enables a passphrase to be used. However, this has to be entered by hand every time the system is rebooted. Also, it needs the keychain script to be installed.
    See IBM at:…backup/index.html


  • Concepts
    • The initiator computer must generate keys (e.g. backupk) and a .ssh/config file to link them to thre receiver
    • The receiver computer must have an account (e.g. backuser) containing .ssh/authorized_keys
    • The public key from the initiator is placed in this .authorized_keys file
    • This is neatly accomplished with the following script:
  • create the keys using the script below, and test
  • install validate-rsync on the server
  • modify the authorized_keys on the server so that the entry starts with: from=“”,command=”/backups/validate-rsync”,no-port-forwarding,no-X11-forwarding,no-pty
validate-rsync.264 bytes
create_ssh_keys.txt865 bytes