http://blog.csdn.net/sunnyyoona/article/details/51689041
Create an SSH key
Here we use RSA, with the following command:
xiaosi@xiaosi:~$ ssh-keygen -t rsa -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/home/xiaosi/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xiaosi/.ssh/id_rsa.
Your public key has been saved in /home/xiaosi/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:n/sFaAT94A/xxxxxxxxxxxxxxxxxxxxxxx xiaosi@xiaosi
The key's randomart image is:
+---[xxxxx]----+
| o= .. .. |
| o.= .. .|
| *.* o .|
| +.4.=E+..|
| .SBo=. h+ |
| ogo..oo. |
| or +j..|
| ...+o=.|
| ... o=+|
+----[xxxxx]-----+
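Note:
You will be prompted for a passphrase here. Do not type anything; just press Enter.
xiaosi@xiaosi:~$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Note:
Remember to put the authorized_keys file in the .ssh directory, alongside the rsa key files; otherwise passwordless login fails. The debug output is as follows (use ssh -vvv localhost to debug and find the cause of the error):
xiaosi@xiaosi:~$ ssh -vvv localhost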
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/xiaosi/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xiaosi/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'xiaosi'
debug3: hostkeys_foreach: reading file "/home/xiaosi/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/xiaosi/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from localhost
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:378enl3ckhdpObP8fnsHr1EXz4d1q2Jde+jUplkub/Y
debug3: hostkeys_foreach: reading file "/home/xiaosi/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/xiaosi/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from localhost
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/xiaosi/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/xiaosi/.ssh/id_rsa (0x5602df5e80c0)
debug2: key: /home/xiaosi/.ssh/id_dsa ((nil))
debug2: key: /home/xiaosi/.ssh/id_ecdsa ((nil))
debug2: key: /home/xiaosi/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/xiaosi/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/xiaosi/.ssh/id_dsa
debug3:no such identity: /home/xiaosi/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/xiaosi/.ssh/id_ecdsa
debug3:no such identity: /home/xiaosi/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/xiaosi/.ssh/id_ed25519
debug3:no such identity: /home/xiaosi/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
xiaosi@localhost's password:
xiaosi@xiaosi:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:378enl3ckhdpObP8fnsHr1EXz4d1q2Jde+jUplkub/Y.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
sign_and_send_pubkey: signing failed: agent refused operation
xiaosi@localhost's password:
As we can see, I am still asked for a password. Most likely this is a permissions problem on the authorized_keys file, so we set permissions on that file:
xiaosi@xiaosi:~$ chmod 600 ~/.ssh/authorized_keys
Verify again:
xiaosi@xiaosi:~$ ssh localhost
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-24-generic x86_64)
 * Documentation:  https://help.ubuntu.com/
0个可升级软件包。
0个安全更新。
Last login: Thu Jun 16 08:05:50 2016 from 127.0.0.1
This shows that it now works.
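The permission fix above matters because sshd, with StrictModes enabled (its default), ignores an authorized_keys file that group or others can write to, and the ssh client rejects a private key that group or others can access. The script below is an added example, not part of the original post; the function names are illustrative and the demo directory is constructed. It audits only the .ssh directory itself, not the home directory above it.

```shell
#!/bin/sh
# Added example (not from the original post): flag SSH file modes that make
# sshd (StrictModes yes) skip authorized_keys or the client reject a key.

# Symbolic mode of a path, e.g. "-rw-rw-r--" (first 10 columns of ls -ld).
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeeds when the path is not writable by group or others.
not_group_other_writable() {
    m=$(mode_of "$1") || return 1
    [ "$(printf '%s' "$m" | cut -c6)" != "w" ] &&
        [ "$(printf '%s' "$m" | cut -c9)" != "w" ]
}

# Audit one SSH directory ($1, default ~/.ssh). Prints a line per finding
# and returns the number of findings (0 means clean).
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    for p in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            findings=$((findings + 1))
        elif ! not_group_other_writable "$p"; then
            echo "WRITABLE  $(mode_of "$p") $p (fix: chmod go-w)"
            findings=$((findings + 1))
        fi
    done
    # The client refuses a private key that group or others can access.
    if [ -e "$dir/id_rsa" ]; then
        case $(mode_of "$dir/id_rsa") in
            ????------) ;;
            *) echo "EXPOSED   $(mode_of "$dir/id_rsa") $dir/id_rsa (fix: chmod 600)"
               findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}

# Constructed demo: throwaway directory with a group-writable authorized_keys.
demo=$(mktemp -d) && chmod 700 "$demo"
: > "$demo/authorized_keys" && chmod 664 "$demo/authorized_keys"
audit_ssh_dir "$demo" || echo "findings: $?"
chmod 600 "$demo/authorized_keys"
audit_ssh_dir "$demo" && echo "clean"
rm -rf "$demo"
```

Run `audit_ssh_dir` with no argument to check the current user's own ~/.ssh.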
Note:
Or perhaps a password has to be entered the first time, and later logins no longer need one.
If anyone understands this better, please advise.