[Original text]:
HOWTO: set up ssh keys
Paul Keck, 2001
Getting Started

  1. First, install OpenSSH on two UNIX machines, hurly and burly. This works best using DSA keys and SSH2 by default as far as I can tell. All the other HOWTOs I’ve seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.
  2. On each machine type ssh somemachine.example.com and make a connection with your regular password. This will create a .ssh dir in your home directory with the proper perms.
  3. On your primary machine where you want your secret keys to live (let’s say hurly), type

    ssh-keygen -t dsa

    This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase. If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir. Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a Bad Idea™ for an identity key, so don’t do it! See below for uses of keys without passphrases.

    scp ~/.ssh/id_dsa.pub burly:.ssh/authorized_keys2

    Copy the id_dsa.pub file to the other host’s .ssh dir with the name authorized_keys2.

  4. Now burly is ready to accept your ssh key. How to tell it which keys to use? The ssh-add command will do it. For a test, type

    ssh-agent sh -c 'ssh-add < /dev/null && bash'

    This will start the ssh-agent, add your default identity (prompting you for your passphrase), and spawn a bash shell. From this new shell you should be able to:

  5. ssh burly

    ssh burly

    This should let you in without typing a password or passphrase. Hooray! You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.

[In practice]:

Generate the key pair

ssh-keygen -t rsa

This step creates three files in the ~/.ssh directory: id_rsa.pub, id_rsa, and authorized_keys.
The public key is stored in id_rsa.pub.
The private key is stored in id_rsa.

scp ~/.ssh/id_rsa.pub root@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys

Sometimes the permissions on .ssh need to be changed to 755.
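
The scp command above replaces the remote authorized_keys file, so any keys already listed there are lost, and sshd (with StrictModes, on by default) ignores the file when .ssh or authorized_keys is writable by group or others. As an added example, not part of the original HOWTO or of this post, the shell functions below append a key without overwriting and report paths with loose permissions; the function names are hypothetical and the script is meant to be run on the target host.

```sh
#!/bin/sh
# Added example; install_pubkey and loose_ssh_paths are hypothetical names.
# Run on the target host. SSHDIR is the account's .ssh directory.

# install_pubkey PUBFILE SSHDIR: append one public key, never overwrite.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }
    # Guard against copying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    key=$(head -n 1 "$pub")
    # Create directory and file readable by the owner only.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1
    # If the last line lacks a newline, add one so keys do not run together.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F fixed string: append only if the key is not present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# loose_ssh_paths SSHDIR: print .ssh and authorized_keys if either is
# group- or world-writable (mode bits 020 or 002).
loose_ssh_paths() {
    find "$1" "$1/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}
```

Mode 755 on .ssh produces no output from loose_ssh_paths; 775 or 777 does.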

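From then on you no longer need to enter a password when logging in with ssh, which makes using scp or ssh in scripts more convenient.
Run a remote program over ssh and display its output locally:
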
ssh -n xxx.xxx.xxx.xxx filename