One problem with this is a privileged (eg, root) user could steal your private key (~/.ssh/id_dsa) and then be able to do ssh/scp commands using your credentials. The solution is to encrypt your private keys with a passphrase, which I'll describe.
But then you're back to having to enter a secret (the passphrase to your local private key instead of the password to your target userid on the remote system). The solution to that is to use ssh-agent & ssh-add, which will "remember" your passphrase so you only need to enter it once per login. I'll describe that process and how you might set that up, but I'll finish with the best way (that I've found) to set this up.
~/.ssh/identity for ssh version 1 RSA ~/.ssh/id_rsa for ssh version 2 RSA and ~/.ssh/id_dsa for ssh version 2 DSA (Best and what we're going to use)When creating these files, you can and should create them with a passphrase which would prevent root from stealing them. Passphrases must be greater than 5 characters. On linux2, I chose to use the full name of my dog.
ssh-keygen -t dsacreates ~/.ssh/id_dsa (your encrypted private key) and ~/.ssh/id_dsa.pub (your public key).
scp -p .ssh/id_dsa.pub root@linux2:.ssh/authorized_keys scp -p .ssh/id_dsa.pub root@linux3:.ssh/authorized_keys scp -p .ssh/id_dsa.pub root@linux4:.ssh/authorized_keysAt this point, you can ssh/scp to the target without specifying the target's password. You will have to provide your passphrase though.
scp .bashrc root@linux2:junk Enter passphrase for key '/home/rick/.ssh/id_dsa': .bashrc 100% 171 0.2KB/s 00:00
ssh-agent xterm & (if you have X running) ssh-agent bash ssh-agent $SHELLwill launch an ssh-agent you can use and put you back into your shell. You can now
ssh-add .ssh/id_dsaYou'll have to tell ssh-add your passphrase, but afterwards, your ssh/scp commands will need neither a password or passphrase.
for i in 2 3 4;do ssh root@linux$i ls -l .ssh/authorized_keys;done -rw-r--r-- 1 root root 601 Aug 31 12:33 .ssh/authorized_keys -rw-r--r-- 1 root root 601 Aug 31 12:28 .ssh/authorized_keys -rw-r--r-- 1 root root 601 Aug 31 12:28 .ssh/authorized_keys
ssh-agent bash ssh-addand type your passphrase once, but after that, ssh/scp commands work with no password. This of course, could/should be added to one's login and the SSH book on pages 218-229 explains two ways of doing this, what they call the single-shell & subshell methods. There are pros and cons to both methods and they give sample code you could put in your ~/.profile, ~/.logout, but the easiest thing is to use keychain.
/usr/bin/keychain ~/.ssh/id_dsa > /dev/null 2>&1 source .keychain/linux2-sh > /dev/nullIt assures there's only one copy of ssh-agent running and points your login session to that one session. If keychain had to start the ssh-agent, you'll get prompted for your passphrase, else it'll keep that ssh-agent running even if/when you log off, and it'll point you to it at your next login.