# 1、资料 * [CentOS7.4 的配置文件中没有 RSAAuthentication 这一行](https://www.cnblogs.com/Leroscox/p/9627809.html) * [SSH_keys](https://wiki.archlinux.org/index.php/SSH_keys) # 2、sshd配置 ```bash vi /etc/ssh/sshd_config ``` ```toml PermitRootLogin yes StrictModes no PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no ClientAliveInterval 3 ClientAliveCountMax 10 UseDNS no # 允许ssh端口转发 AllowAgentForwarding yes AllowTcpForwarding yes GatewayPorts yes X11Forwarding yes ``` ```bash vi /etc/ssh/ssh_config ``` ```toml StrictHostKeyChecking no UserKnownHostsFile /dev/null ``` # 3、使用私钥登录 ```bash # 远端生成密钥对 ssh-keygen -t rsa; cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys # 客户端拿到远端生成id_rsa(私钥)登录 mv id_rsa id_rsa.pem chmod 0400 id_rsa.pem ssh -p 22 -i id_rsa.pem user@remote-host ``` # 4、免密码登录 ```bash # 客户端生成密钥对 ssh-keygen -t rsa # 将客户端生成的公钥放到远端用户~/.ssh/authorized_keys ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host ```