Password less ssh/scp/sftp logins require you use the command
ssh-keygen
To create a key without a password you would do something like the following:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa): <just hit return>
Enter passphrase (empty for no passphrase): <just hit return>
Enter same passphrase again: <just hit return>
Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
The key fingerprint is:
67:90:0b:c7:1f:1b:8e:e7:75:00:46:d2:cd:03:8a:90 username@hostname
The key's randomart image is:
+--[ RSA 2048]----+
| .. .o=+ |
| E. o =..+ |
| o * o .. |
| o * + . |
| S B . . |
| = . . |
| . |
| |
| |
+-----------------+
NOTE: The above was just an example, and I DO NOT actually use this generated key. I threw it away as soon as it was generated for my own safety.
ssh-keygen will create 2 files in the .ssh subdirectory under your home directory. id_rsa and id_rsa.pub
ls -la $HOME/.ssh
You keep the id_rsa private and never let it out of your control as that is the file that gives you access to other systems and if anyone gets control of rsa_id they can get into any other system you have setup to allow you passwordless ssh/scp/sftp access. If you do not setup any systems for passwordless access, then it is just a meaningless file.
The id_rsa.pub file can be safely viewed by others, which is why it is named .pub for public.
You need to copy the id_rsa.pub file to any remote system that you wish to have passwordless ssh/scp/sftp access.
In your account on the remote system you store contents of the id_rsa.pub file in your remote home directory .ssh/authorized_keys file. If the remote system does not have a .ssh directory yet, the BEST way to create one is to issue an ssh, scp, or sftp command even if the command does not go anywhere. Just executing one of these commands on your remote system will create a .ssh subdirectory in your remote system account, and it will be created with all the correct ownership and permissions (ssh, scp, sftp are very sensitive to correct ownership and permissions on some key files and directories to maintain their secure connections, so letting ssh, scp, or sftp create the initial .ssh subdirectory is the best way to go).
So anyway, on the remote system, after you have transferred your id_rsa.pub file to it, you use the following command to establish your passwordless login to that system:
cat id_rsa.pub >>$HOME/.ssh/authorized_keys
What you have just done, is arranged for the remote system to accept ssh, scp, or sftp connection requests from your Mac user account. The private id_rsa file you keep on your Mac will be used to cryptically sign a message to the remote system. The remote system will use your id_rsa.pub information it has stored in your remote account's authorized_keys file to decrypt the message and verify it is really you. Once that is verified, you will be connected and can do whatever you want to do using ssh, scp or sftp without needing a password.
NOTE: Storing your id_rsa.pub file contents on the remote system DOES NOT give the remote system any special access to your Mac. So your Mac is going to remain secure. Even if you loose control of the id_rsa file, your Mac remains secure. What is in danger if you loose control of the rsa_id file is the remote system that trusts anyone that has your id_rsa file.
If AND ONLY IF for some reason you do need the remote system to have similar access to your Mac, then you reverse the ssh-keygen process, and generate keys on the remote system, transfer the .pub to your Mac, and store it in your authorized_keys file. BUT ONLY IF you need the remote system to be able to access your Mac. And even then there could be other hurdles to cross to get to your Mac through your home router, so unless you need that kind of remote to you access, just pretend I never said anything.
I prefer writing scripts using scp to transfer files as it is much easier to script than sftp, which is better for interactive exploring and transfer.