It is not very difficult but every time I want to create and populate an ssh certificate I have to search for it. So I will show how to create and populate an ssh certificate for password less login over ssh.
And if we have a look to man page of ssh (see below), it sounds really simple. Just create your key, copy the key to destination and register in authorized_keys. But how to do that in a simple way?
Steps to do:
- create a key:
eeelin:~$ ssh-keygen #(Don’t enter a password for password less login)
- copy the key to remote:
eeelin:~$ cat ~/.ssh/id_rsa.pub | ssh user@host ‘cat >> ~/.ssh/authorized_keys’
To use certificates would be much more secure than use an ssh connection with password. If you use a certificate there is a guarantee it is the owner of this certificate. And if you provide a password while generating the certificate it would improve security again. And you don’t have to remember all the original passwords.
Another reason to use a certificate is, an application which has to connect over ssh. It would be possible just to put the certificate into the application and nobody has to know the password.