This may not be the most advanced tip in the world, but then again, it may not be obvious to everyone who uses OS X. I know it wasn't obvious to me, and an email exchange with Michael G. today convinced me that I was not alone in my confusion. Hence, this hint...please skip ahead if you're an advanced UNIX user; this is probably a "no brainer" to most of you in that demographic.
Everyone probably knows that OS X includes SSH, a secure remote connection command-line tool. If you have more than one Mac and want to securely connect from one to the other at the command line, SSH is the program of choice. You enable this in the GUI (in the Sharing prefs panel, Application tab, Allow Remote Login), and then connect at the command line with "ssh -l username hostname".
There are a number of authentication schemes to make sure you're who you say you are, and if you implement SSH correctly on both machines, you can connect from one OS X box to another without entering a password, but still have a totally secure connection.
If you don't yet know how to do this, and would like to learn (along with a bit of a primer on SSH's security system), read the rest of the article.
When you initiate an SSH connection, there's a bunch of stuff that goes on behind the scenes to make the connection. You can see this activity by using ssh -v -l username hostname, which invokes verbose mode. If you watch the verbose mode go by, you'll see that the last thing it resorts to is checking your password. We'll set it up so that it never reaches that stage.
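One way to confirm from the verbose output that a login never reaches the password stage, as an added example that is not part of the original hint. It assumes the debug1 line formats printed by current OpenSSH clients; the sample transcripts and the function name auth_summary are constructed for illustration.

```shell
# Added example: summarise the authentication phase of `ssh -v` output.
# Assumes the debug1 line formats of current OpenSSH clients.

# Constructed sample: the key is accepted, password is never tried.
sample_key_login() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Authentication succeeded (publickey).
EOF
}

# Constructed sample: the key is rejected and ssh falls back to password.
sample_password_login() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

# Reads `ssh -v` output on stdin and prints the methods tried, in order,
# plus the one that succeeded. Exit status: 0 if login succeeded without
# a password method being attempted, 1 if password or keyboard-interactive
# was tried, 2 if no success line was seen.
auth_summary() {
    awk '
        /^debug1: Next authentication method: / {
            m = $NF
            tried = tried (tried == "" ? "" : ",") m
            if (m == "password" || m == "keyboard-interactive") pw = 1
        }
        /^debug1: Authentication succeeded \(/ {
            ok = $NF
            gsub(/[().]/, "", ok)    # "(publickey)." -> "publickey"
        }
        END {
            printf "tried=%s succeeded=%s\n", tried, (ok == "" ? "none" : ok)
            if (ok == "") exit 2
            exit (pw ? 1 : 0)
        }
    '
}

sample_key_login | auth_summary
sample_password_login | auth_summary || echo "password fallback reached (exit $?)"
```

To check a real connection, pipe the client's stderr into the function, for example ssh -v -l username hostname true 2>&1 | auth_summary.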
The first degree of complexity in making this work is that there are two versions of the SSH protocol -- SSH1 and SSH2. Both can connect via a number of authentication schemes. SSH1 can use a 'hosts.equiv' file, 'hosts.equiv' with RSA host authentication, RSA public-key cryptography, and (finally) simple password checking, although the passwords are encrypted in transmission. SSH2 can use public-key cryptography or password checking (the hosts.equiv methods apparently are security holes, so their use is strongly discouraged). Although SSH is set up to work out of the box on OS X, you still need to do some things to take full advantage of its power.
In order to connect without a password, using either SSH1 or SSH2, you need to establish a match between the public key of the "connecting" machine (stored on the "connect to" machine) and the "connecting" machine's private key. If the keys match, then SSH knows that the machine can be trusted, and there is no requirement for a password. What complicates matters somewhat is that SSH1 and SSH2 use different public keys, so you have to set them up twice. The following example assumes you wish to connect from your personal Mac (called HomeMac for this example) to your work Mac (called WorkMac), and that you'd like to enable both SSH1 and SSH2. Here's what you need to do.
Step One - Generate your public keys
The first step in the process is to create the public keys on HomeMac. Open a Terminal and type ssh-keygen. You'll see three prompts; you can hit return for the default save location, and leave the passphrase empty (we'll cover that a bit later). When it's done, you'll see some output like:
Your identification has been saved in /Users/username/.ssh/identity.
Your public key has been saved in /Users/username/.ssh/identity.pub.
The key fingerprint is:
5d:01:3f:4g:47:d9:a3:12:9c:f1:37:8a:1j:82:73:7e username@localhost
What you've just done is create your public SSH1 key. The passphrase can be used to add a layer of security to the process. If you enter one, you will be prompted for it each time you run an SSH connection. This sort of defeats the purpose of this hint, which is password-free remote connectivity! If only you have access to your machine, it's not a huge security exposure, but just remember that anyone will be able to connect to any of your remote hosts if they have access to your keyboard.
Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
The key fingerprint is:
65:3c:9e:15:87:a6:14:4a:55:bf:e4:3e:ea:2c:22:ed username@localhost
You now have two public keys which you need for step two.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20011207004643312