So to make a long story short, these are the steps:
On the host you want to do this from, do the following:
ssh-keygen -t rsa
scp /root/.ssh/id_rsa.pub remote-host:/root/.ssh/authorized_keys
This is what it will look like:
[root@linuxhost101 ~]# cd ~/.ssh
[root@linuxhost101 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| . . . |
| . o = = |
| S = X o |
| + = + |
| ..++. |
| .E.+. |
| .o... |
Then in the above example, I wante to copy this to another 64 hosts:
[root@linuxhost101 .ssh]# scp /root/.ssh/id_rsa.pub linuxhost102:/root/.ssh/authorized_keys
The authenticity of host 'linuxhost102 (10.22.176.2)' can't be established.
RSA key fingerprint is 1d:fa:90:54:9b:a3:59:a7:f9:12:85:09:0a:67:1b:d2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'linuxhost102' (RSA) to the list of known hosts.
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Kernel 2.6.32-220.el6.x86_64 on an x86_64
id_rsa.pub 100% 416 0.4KB/s 00:00
[root@linuxhost101 .ssh]# scp /root/.ssh/id_rsa.pub linuxhost103:/root/.ssh/authorized_keys
That's it, now when you ssh or scp anything to the 2nd host from the first, it will not prompt you for a password.
Of course if you want to do this from more than one host, then just add to the authorized_keys file rather than overwriting it....
(like this: cat .ssh/id_rsa.pub | ssh firstname.lastname@example.org 'cat >> .ssh/authorized_keys'
IMPORTANT There is a bug in CentOS 6 / SELinux that results in all client presented certificates to be ignored when SELinux is set to Enforcing. To fix this simply:
[root@linux01 ~]# ssh email@example.com 'restorecon -R -v /root/.ssh'
Then it will work.
Or you can just disable selinux altogether at /etc/selinux/config : (you would then need to reboot)
* Addition: if you wanted to do this for multiple hosts, you could add the following in ~/.ssh/config:
Host * StrictHostKeyChecking no
or from command line: ssh -o StrictHostKeyChecking=no
You then won't be prompted about whether you trust the host you are connecting to.