This document briefly discusses setting things up so you can use ssh to remotely log in to the department's Linux machines without being prompted for a password. (Once you do this, you will also be able to use other SSH-based commands, such as scp, without being prompted.) It is not meant as a complete discussion of the various SSH authentication options!
Generate a key for SSH with the following command:
ssh-keygen -t dsa
This command will prompt you for a filename and a ``passphrase''. You can just accept the default choice for the filename. The passphrase is one you will have to supply to use the key; this provides some extra security but also means you have to take additional steps to avoid being prompted for the passphrase rather than your password. A blank passphrase is probably adequate if you just want to use the key for logging in from one of the department machines to another. Some options if you want the additional security of a non-blank passphrase are discussed below.
Once you've run the command, you should have files $HOME/.ssh/id_dsa and $HOME/.ssh/id_dsa.pub. Add the new key to the list of authorized keys by editing file $HOME/.ssh/authorized_keys2 and inserting the text from $HOME/.ssh/id_dsa.pub (as a separate line).
Also verify that file/directory permissions are set appropriately: The .ssh directory and its contents should be accessible only to you (chmod -R go= ~/.ssh), and your home directory should not be group-writable (chmod g-w ~).
Check that everything is set up properly by using ssh to execute a simple command on another machine, e.g.,
ssh xena04 hostname
If everything is set up properly, the command will execute and you will not be prompted for a password. (If you do get a password prompt, check file/directory permissions as described above.)
The first time you try this test for each machine, you'll get some messages ending with a prompt ``are you sure'' etc. Answer ``yes'', and the next time you should not be prompted, unless/until something on the target machine changes in a way that affects keys. If that happens, just answer ``yes'' again. If instead of the prompt you get error messages about authentication failure, try editing file .ssh/known_hosts and removing any lines containing the target machine name.
Having a non-blank passphrase would seem to defeat the purpose of all of this setup, since it appears to just replace the prompt for a password with a prompt for a passphrase. However, you can set things up so that authentication is done by a background process (an ``agent''), in which case you will only be prompted when you start the agent. More information to be added sometime.