1，客戶端生成金鑰對

#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):按回車鍵或設定金鑰的儲存路徑
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 直接按回車鍵或設定金鑰的密碼
Enter same passphrase again: 再次按回車鍵或設定金鑰的密碼
Your identification has been saved in
 
 /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 root@hello
The key's randomart image is:
+--[ RSA 2048]----+
|+*..o . |
|*.o + |
|o* . |
|+ . . |
|o.. S |
|.. + |
|. = |
|E+ . |
|+.o |
+-----------------+

2，把客戶端主機中生成的公鑰檔案傳送到遠端主機：

# ssh-copy-id 192.168.10.10
The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter
 
out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are
prompted now it is to install the new keys
root@192.168.10.10's password:此處輸入遠端伺服器密碼
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.10.10'"
and check to make sure that only the key(s) you wanted were added.

3，對伺服器進行設定，使其只允許祕鑰驗證，拒絕口令驗證方式，修改配置檔案後要重啟sshd服務。

[root@hello ~]# vim /etc/ssh/sshd_config
………………省略部分輸出資訊………………
74
75 # To disable tunneled clear text passwords, change to no here!
76 #PasswordAuthentication yes
77 #PermitEmptyPasswords no
78 PasswordAuthentication no
79
………………省略部分輸出資訊………………
[root@hello ~]# systemctl restart sshd

4，在客戶端登入到伺服器，此時無需輸入密碼即可成功登陸