Passwordless logins over ssh are both practical and secure.
This is how to set it up.
You're have an account on a local client with which you're ssh'ing to a server running the ss-daemon on port 2222.
You also already have an account on the remote server.
Login to your account on the local client and open a terminal.
Enter the following.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa): [Accept the default path by pressing Escape]
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase): [Press Enter]
Enter same passphrase again: [Press Enter]
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| T . |
| o Yo + |
| E @ * S + |
| o o + . = |
| + .p. |
| . .x|
| e. |
Now we have the ssh keypairs! We need to authorize them. This is done like so.
$ cd ~/.ssh
$ cat id_rsa.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys2
For safety, check the permissions on the .ssh folder as well as the files therein.
$ chmod -v 700 ~/.ssh
$ chmod -v 644 ~/.ssh/*
$ chmod -v 600 ~/.ssh/id_rsa
Also see Troubleshooting ssh "Unspecified GSS failure" regarding the permissions. Wrong permissions on the keys can create a common problem.
Now it's time to distribute your public key to the remote server.
$ cd ~/.ssh
$ ssh-copy-id -p 2222 "-i id_rsa.pub root@cyndane2"
The authenticity of host '[cyndane2]:2222 ([::1]:2222)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[cyndane2]:2222' (RSA) to the list of known hosts.
root@cyndane2's password: [Enter your root account password here!]
Now try logging into the machine, with "ssh '-p 2222 root@cyndane2'", and check in:
to make sure we haven't added extra keys that you weren't expecting.
Now the tricky thing is that the -p flag isn't at the same place for ssh as for ssh-copy-id, so try this instead of just copy'n'pasting.
$ ssh root@cyndane2 -p 2222
Last login: Thu Nov 8 14:47:32 2018 from cyndane2
Aaaand were in!
Repeat the ssh-copy-id procedure as needed to all your remote servers.
The ssh-keygen procedure is only done once though!
From all over the interwebs!