# Environment Description
Client: Mac OS X
Server: CentOS 6.5
Client: OpenSSH. OS X and most Linux distributions have OpenSSH built in. Use the 'ssh -V' command to view the version.
# General process
1. Create a key pair on the client: the public key file (~/.ssh/id_rsa.pub) and the private key file (~/.ssh/id_rsa).
2. Put the public key on the server (~/.ssh/authorized_keys). During ssh logon, the ssh program uses the private key to match against the public key on the server. If the match succeeds, you can log on automatically.
# Client Configuration
1. Check the ~/.ssh folder. If the public key file (id_rsa.pub) and private key file (id_rsa) already exist, you can skip the client configuration.
2. Generate the key file.
$ ssh-keygen
Then press Enter.
id_rsa.pub and id_rsa are then generated in ~/.ssh. The id_rsa file uniquely identifies your client.
Note: Do not change the file names of these two files. The id_rsa file will be read during ssh login.
# Server Configuration
1. Modify the sshd configuration file (/etc/ssh/sshd_config).
Find the following lines and remove the leading comment character "#":
======================================
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
======================================
2. Configure the authorized_keys file.
If '~/.ssh/authorized_keys' does not exist, create the .ssh folder and the authorized_keys file.
Copy the content of the client's id_rsa.pub from the previous section into authorized_keys.
PS: You can run the following command on the client to copy the file:
cat ~/.ssh/id_rsa.pub | ssh user@host "cat - >> ~/.ssh/authorized_keys"
Note:
1) The .ssh directory permission must be 700
2) The .ssh/authorized_keys file permission must be 600
3. Restart sshd.
$ /etc/init.d/sshd restart
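The following is an added example, not part of the original article: a server-side script for step 2 that appends a public key to authorized_keys only once and enforces the 700/600 permissions from the note. The function names (mode_of, install_pubkey, check_ssh_perms) and the path /tmp/id_rsa.pub are hypothetical, and it assumes the public key file has already been copied to the server.

```shell
#!/bin/sh
# Added example, not from the original article. Run on the server, e.g.:
#   install_pubkey /tmp/id_rsa.pub && check_ssh_perms
# (/tmp/id_rsa.pub is a hypothetical location of the uploaded public key.)

# mode_of PATH: print the octal permission bits (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends the key to SSH_DIR/authorized_keys unless it is already present,
# and sets the directory to 700 and the file to 600.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    key=$(head -n 1 "$pub")

    # Accept only a public key line; refuse a private key passed by mistake.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *"PRIVATE KEY"*) echo "$pub looks like a private key" >&2; return 2 ;;
        *) echo "$pub: unrecognized key type" >&2; return 2 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x: whole-line match, -F: fixed string. Append only if the key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms [SSH_DIR]: returns 0 only if both modes are as required.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    rc=0
    [ "$(mode_of "$dir")" = 700 ] || { echo "$dir should be 700" >&2; rc=1; }
    [ "$(mode_of "$dir/authorized_keys")" = 600 ] ||
        { echo "$dir/authorized_keys should be 600" >&2; rc=1; }
    return $rc
}
```

Unlike the one-line copy command, running install_pubkey twice with the same key leaves a single entry in authorized_keys.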
# Test
On the client, run: ssh -v user@host (-v enables debugging mode)
Some login information is displayed.
If login fails or you still need to enter the password, you can view the log file on the server: /var/log/secure.
If the login is successful, you can use 'ssh user@host' to log on directly, without entering the password.