 |  |
2.6. Connecting Without a Password or Passphrase
One of the most frequently asked questions about SSH is: "How can I connect to a remote machine without having to type a password or passphrase?" As you've seen, an SSH agent can make this possible, but there are other methods as well, each with different tradeoffs. Here we list the available methods with pointers to the sections discussing each one. To use SSH clients for interactive sessions without a password or passphrase, you have several options:- Public-key authentication with an agent [Section 2.5, "The SSH Agent"] [Section 6.3, "SSH Agents"]
- Trusted-host authentication [Section 3.4.2.3, "Trusted-host authentication (Rhosts and RhostsRSA)"]
- Kerberos authentication [Section 11.4, "Kerberos and SSH"]
WARNING: Another way to achieve password-less logins is to use an unencrypted private key with no passphrase. Although this technique can be appropriate for automation purposes, never do this for interactive use. Instead, use the SSH agent, which provides the same benefits with much greater security. Don't use unencrypted keys for interactive SSH!On the other hand, noninteractive, unattended programs such as cron jobs or batch scripts may also benefit from not having a password or passphrase. In this case, the different techniques raise some complex issues, and we will discuss their relative merits and security issues later. [Section 11.1, "Unattended SSH: Batch or cron Jobs"]
|  | |
| 2.5. The SSH Agent |  | 2.7. Miscellaneous Clients |
