===== public key authentication =====

:!: UPDATE - using ssh-copy-id is easier.  See this page: http://serverfault.com/questions/241588/how-to-automate-ssh-login-with-password

You know you can connect to a host with ssh by typing a password when requested.  However it is usually easier, especially for a scripted environment, to run ssh without having to type the password.  This also keeps the user password safe.

  - on the connecting client, NOT the ssh server host, generate a public/private key pair (don't type a password when asked)<code>
ssh-keygen
</code>
  - this creates a private key ~/.ssh/id_rsa, and a public key ~/.ssh/id_rsa.pub
  - the single line inside the public key file needs copied to a file on the ssh server host at ~/.ssh/authorized_keys

===== Troubleshooting =====
If you still get a password prompt, try to correct these items:

  * Your home directory ~ and your ~/.ssh directory on the remote machine must be writable only by you: %%rwx------%% and %%rwxr-xr-x%% are fine, but %%rwxrwx---%% is no good, even if you are the only user in your group (if you prefer numeric modes: 700 or 755, not 775).
  * Your private key file (on the local machine) must be readable and writable only by you: %%rw-------%%, i.e. 600.
  * Your ~/.ssh/authorized_keys file (on the remote machine) must be readable (at least 400), but you'll need it to be also writable (600) if you will add any more keys to it.  I had to make this writable only by root (644) to correct a password prompt issue recently.

===== Notes =====
  * the authorized_keys file may contain one or more lines for all the hosts that are authorized to connect
  * the authorization files are per user on the host, so the appropriate user should hold the authorized_keys file