I recently reinstalled the OS on one of my Macs, and I’ve got backup scripts on my CentOS Linux box that use rsync to back up some pertinent data, so I had to reestablish the SSH key between the machines and had a hard time remembering how to do it. So this time I’m documenting what I had to re-learn.

First of all, there’s a great post over at nixCraft that basically explains how to do it. But allow me to explain more thoroughly, ahem, dumbed down to my level. 

The key is remembering which machine is filling which role when you’re reading the instructions. I’ll call them the “Acting” machine–the one who is taking action and performing a command, let’s say an rsync command–and the “Target” machine–the one who is being acted upon. In my case, the Linux server is the acting machine performing the rsync command, and my Mac is the target.

The process is simple. On the “Target” machine, generate a key, and then give that key to the “Acting” machine, which effectively gives it “permission” to login without the need to supply username/password credentials.

So, from the “Target” machine, in this case, my Mac, type the following command:

ssh-keygen -t rsa

This will generate a couple files that serve as a key for accessing the Mac. The ssh-keygen command may ask you where to store the key and what password to use. Just hit enter to use the default path and a blank password.

Next, still from the “Target” machine (my Mac), type:

ssh MyUsername@ActingServer ”mkdir .ssh”
scp .ssh/id_rsa.pub MyUsername@ActingServer:.ssh/authorized_keys2

In the code above, MyUsername@ActingServer would be the username and address (for instance, perhaps the IP address) of the “Acting” machine, in my case, the Linux server. In the first line, you’re just creating the .ssh directory if it doesn’t exist. In the second line, you’re copying the key you generated from the “Target” machine to the “Acting” machine, or from the Mac to the Linux server.  Note that the scp command will ask for the password to the MyUsername account because it is connecting to that server to send it the key.

Voile. As if by magic, the “Acting” machine should now be able to SSH into the “Target” machine without a password prompt. Correspondingly, you should be able to perform rsync and other SSH commands without a password prompt. Please note, however, that this is only a one-way key. We only gave my Linux server permission to access my Mac.

What if I want my Mac to similarly login to the server without a password prompt? In that case, the Mac and the server have effectively switched roles; the Mac is now the “Acting” machine and the server is the “Target” machine, so we just have to repeat the process from the other direction. Generate a key from the server and send it to the Mac. At that point, both machines will be able to access each other without a password prompt. 

What if I have multiple “Targets” that the “Acting” machine will connect to? For instance, perhaps I have multiple Macs, and the Linux server is running scripts on all of them. When you’re sending the key to the “Acting” server with the scp command, use a different name for each key file, don’t overwrite the same file each time! So in the example code above, we’re sending the key as “authorized_keys2″. When repeating this process for multiple targets, send the keys as “authorized_keys3″, and so forth.

Hopefully this will clear up some confusion regarding this process.