# 1、资料

* [CentOS7.4 的配置文件中没有 RSAAuthentication 这一行](https://www.cnblogs.com/Leroscox/p/9627809.html)
* [SSH_keys](https://wiki.archlinux.org/index.php/SSH_keys)

# 2、sshd配置
```bash
vi /etc/ssh/sshd_config
```
```toml
PermitRootLogin yes
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile  .ssh/authorized_keys
PasswordAuthentication no
ClientAliveInterval 3
ClientAliveCountMax 10
UseDNS no
# 允许ssh端口转发
AllowAgentForwarding yes 
AllowTcpForwarding yes 
GatewayPorts yes 
X11Forwarding yes
```

```bash
vi /etc/ssh/ssh_config
```
```toml
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
```

# 3、使用私钥登录
```bash
# 远端生成密钥对
ssh-keygen -t rsa;
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# 客户端拿到远端生成id_rsa(私钥)登录
mv id_rsa id_rsa.pem
chmod 0400 id_rsa.pem
ssh -p 22 -i id_rsa.pem user@remote-host
```
# 4、免密码登录
```bash
# 客户端生成密钥对
ssh-keygen -t rsa
# 将客户端生成的公钥放到远端用户~/.ssh/authorized_keys
ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host
```