Used for Public/Private key authentication by the ssh(1) client.

place your public key in the AuthorizedKeysFile? in /.ssh and provided you have ssh-agent(1) setup correctly you shouldn't have to type in your password/keyphrase much.

for ssh1 keys place it in

/.ssh/authorized_keys

for ssh2 keys place it in

/.ssh/authorized_keys2

Make sure these file are owned by the owner (especially not root), and their permissions are no more than 600. Also make sure that /.ssh is no more than 700, or ssh will complain and ignore these files as being potentially unreliable. (unfortunately it doesn't tell you it's complaining, it just puts it into syslogd(8).

Under debian, theres a ssh-copy-id(1) program which does all this automagically, it's easy to use

ssh-copy-id hostname

and it's all setup!

To generate a key use ssh-keygen(1). If you can, you want to use a ssh2 key. This can be generated with

ssh-keygen -t dsa

or

ssh-keygen -t rsa

(depending on what type of key you want)

then use

ssh-copy-id hostname

and ya done.

Limit key use to certain machines

You can tell sshd (the server side) to only allow keys to be used from specified host names. In front of the key in the .authorized_keys file,

you can put a list of globs. Eg

from="*.com,localhost" ssh-dss XXXX....base64..keyid....= username@host

will only allow this key to be used from localhost and .coms.

You can also prefix a glob with a ! to negate it.

There are lots of other options, which are documented in the man page linked to below.

See also sshd(8)