SSH Keypairs

First, determine if you already have authentication keys. In the Terminal, run:


sudo ls -la /var/root/.ssh

If you see “id_dsa” and “id_dsa.pub” (the private key and its public half), you already have a keypair and can skip the rest of this section, assuming the remote host still accepts DSA keys.

On the client machine, run the following in the Terminal:


sudo ssh-keygen -t dsa -f /private/var/root/.ssh/id_dsa -C "your comment"

This generates the keypair in /private/var/root/.ssh (on macOS /var is a symlink to /private/var, so this is the same directory as above): id_dsa, the private key, which must stay readable only by root (mode 0600, which ssh-keygen sets for you), and id_dsa.pub, the public key. One caveat on the key type: OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, and newer releases have removed them entirely, so if either end runs a current OpenSSH, substitute -t ed25519 and use the filenames id_ed25519 and id_ed25519.pub wherever id_dsa appears below. The comment is stored only in the public key, and a machine-specific comment makes the authorized_keys file on the remote host much easier to manage, so replace “your comment” with something useful, like the hostname or IP address of the machine the key was created on.

The public key is not a “fingerprint” of the private key (a fingerprint is a hash of the public key); it is the verification half of the pair. When you authenticate, the remote sshd looks up your public key in its authorized_keys file (you need to copy it there first, described below) and issues a challenge tied to the session; your ssh client signs that challenge with the private key, and the server checks the signature against the public key. A valid signature can only have been produced by the matching private key, and the private key itself never leaves the client. If you entered a passphrase when you created the keys, the private key file is encrypted with it, and you will be prompted for it on every use unless the key has been loaded into ssh-agent; an unattended script has no terminal or agent to answer that prompt, which is why a key used for one is normally created with an empty passphrase and protected by file permissions instead. The advantage over password authentication is that there is nothing to guess, phish or send over the network; the cost is that anyone who can read an unencrypted private key file can log in as that user, so guard the file as carefully as you would the root password.

Next, id_dsa.pub (the public key, never the private one) needs to be added to the “/var/root/.ssh/authorized_keys” file on the machine you intend to back up to (the “server”). sshd will ignore that file if it, or the .ssh directory containing it, is writable by anyone other than its owner (the StrictModes check), so the directory should be mode 0700 and the file 0600. The server's PermitRootLogin setting must also allow key-based root logins; the OpenSSH default, prohibit-password, does, while refusing password logins for root.

There are several ways to copy the client's public key into the server's authorized_keys file. The easiest is a one-line Terminal command that appends it over an ssh connection; the form below also creates the remote .ssh directory with the right permissions if it does not exist yet, which a bare “cat >> ~/.ssh/authorized_keys” would not (newer OpenSSH ships ssh-copy-id, which does the same job):


sudo cat /private/var/root/.ssh/id_dsa.pub | ssh root@remote_address 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys'

Running this more than once appends another copy of the same public key each time. Duplicate lines are harmless to sshd, which simply uses the first matching entry, but they make the file hard to audit, so prune them (along with keys belonging to machines you have retired) by editing the file on the server. Each line stands alone, so deleting a line revokes that one client without affecting the others.
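As an added example (not part of the original post), here is a small POSIX sh script that does the server-side housekeeping the one-liner above leaves to you: it appends a public key to authorized_keys only if that key material is not already there, creates the .ssh directory and the file with the permissions StrictModes requires, and prunes duplicate entries. The function names are my own, and the sample keys used in the comments and tests are constructed placeholders, not real key material.

```sh
#!/bin/sh
# Added example, not from the original post. Helper names (have_keypair,
# add_authorized_key, prune_duplicate_keys, count_authorized_keys) are my own.
# Keys are compared on "type base64blob" only, so the same key pasted with a
# different comment still counts as a duplicate. Entries that start with
# options (e.g. command="...") are not normalized and are treated as distinct.

# have_keypair DIR TYPE: succeed if DIR holds both halves of an id_TYPE keypair.
have_keypair() {
    [ -r "$1/id_$2" ] && [ -r "$1/id_$2.pub" ]
}

# add_authorized_key PUBFILE AUTHKEYS: append PUBFILE to AUTHKEYS unless the
# same key is already present. Returns 1 (and appends nothing) on a duplicate.
add_authorized_key() {
    pub=$1
    ak=$2
    dir=$(dirname "$ak")
    mkdir -p "$dir" && chmod 700 "$dir"   # StrictModes: owner-only writable
    [ -f "$ak" ] || : > "$ak"
    chmod 600 "$ak"
    blob=$(awk 'NR == 1 { print $1, $2 }' "$pub")
    if awk -v want="$blob" '($1 " " $2) == want { found = 1 } END { exit !found }' "$ak"; then
        return 1                           # already authorized
    fi
    cat "$pub" >> "$ak"
}

# prune_duplicate_keys AUTHKEYS: keep the first occurrence of each key blob,
# drop later copies, leave comment and blank lines untouched.
prune_duplicate_keys() {
    ak=$1
    tmp=$(mktemp) || return 1
    if awk '/^[ \t]*(#|$)/ { print; next }
            { k = $1 " " $2; if (!(k in seen)) { seen[k] = 1; print } }' "$ak" > "$tmp"; then
        cat "$tmp" > "$ak"                 # cat, not mv, keeps owner and mode
    fi
    rm -f "$tmp"
}

# count_authorized_keys AUTHKEYS: number of key lines (comments/blanks excluded).
count_authorized_keys() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}
```

To use it on the server, copy the client's id_dsa.pub over and run add_authorized_key /path/to/id_dsa.pub /var/root/.ssh/authorized_keys as root; the non-zero return on a duplicate makes it safe to call from a provisioning script as often as you like.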