There are multiple 'passwordless' methods, some requiring copying keys around, other have different options:
SSH CA: you setup an SSH CA and distribute the CA Public Key to the servers. Then using the SSH CA's Private Key you sign the Public Keys you want to allow access to those systems that trust the CA. This has a number of benefits:
- Additional keys don't have to be distributed over and over again
- You can issue timed signed keys to limit the validity and thus exposure of key pairs, all without changing anything on the destination servers
- You can limit what a user can do by adding extra parameters to a signature such as what usernames are allowed
as a downside, if you sign a public key for an indefinite period, the only way to undo that is to create a new CA or blacklist the specific public key on every individual system.
Other option: Kerberos. This is much more involved to setup (but made easier since systems like FreeIPA package it up quite nicely). Instead of logging in everywhere, you log in once which gives you a Kerberos ticket. This ticket can then be used to authenticate to various systems like websites, fileshares and SSH servers.
Your own option:
Use simple key pairs (a private key and a public key). Either copy the private key to every system you want to connect from and the public key to every system you want to connect to, or create unique pairs per system and copy every public key to every system you want to connect to.