基础篇

执行: ssh-keygen -t rsa

rocky@tiger:~$ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/rocky/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/rocky/.ssh/id_rsa.Your public key has been saved in /home/rocky/.ssh/id_rsa.pub.The key fingerprint is:02:fc:ca:a5:8b:28:d1:bf:0a:d5:40:7a:80:8d:43:b1 rocky@tigerThe key's randomart image is:+--[ RSA 2048]----+|+=o              ||++o.             ||.Eo o            || . o o           || .. . + S        ||.... + .         ||.. .+            ||.o ...           ||o o.o.           |+-----------------+

注:提示输入passphrase的时候,直接输入回车,这样登录时就无需再输入密码
执行后会在/home/rocky/.ssh/目录下生成两个文件: id_rsa(私钥) id_rsa.pub(公钥)

上传id_rsa.pub文件到remote server的 ~/.ssh/目录下 (没有该目录时,自行创建即可)
scp /home/rocky/.ssh/id_rsa.pub root@ipaddr:/root/.ssh/authorized_keys (此时要输入密码)
注:1.上面的命令不但会把id_rsa.pub文件上传到remote server的/root/.ssh目录下,还会把文件名替换为authorized_keys 即authorized_keys文件就是id_rsa.pub文件
2.如果之前remote server上已经存在了authorized_keys文件,上面的命令会清除文件内容在写入.因此这个时候最好先保存为其他某个文件,再把文件内容追加到authorized_keys文件中. cat xxx.pub >> authorized_keys

重新登录测试
ssh root@ipaddress

如果仍然需要密码,需登录到remote server检查.ssh目录的权限是否为700,以及authorized_keys文件的权限是否为644

再次测试,成功

异常处理:
1.Agent admitted failure to sign using the key.
在本机执行ssh-add命令即可

rocky@tiger:.ssh$ ssh-addIdentity added: /home/rocky/.ssh/id_rsa (/home/rocky/.ssh/id_rsa)

进阶篇

基础篇中采用scp把公钥文件拷贝到remote server的authorized_keys文件中,其中要注意各种文件,比如权限,内容追加这些地方.

下面有个简便方法搞定上诉步骤:
ssh-copy-id -i .ssh/id_rsa.pub user@IP
该命令会自动把id_rsa.pub命令追加到user用户下的.ssh/authorized_keys文件中.