一、生成密钥文件

ssh-keygen

-t  指定生成密钥的类型

-f 指定生成密钥的路径

-b 指定密钥长度，默认是2048

[root@localhost ~]# ssh-keygen -t rsa   # 生成密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):  
Enter passphrase (empty for no passphrase):  #给私钥设置密码
Enter same passphrase again:       #再次输入
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6DWyVtlQvY5YV5imaBvDzhZfPpDZP8bBhDWox9k5NHY root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|          .. *o  |
|         .  B *.E|
|       ... O X + |
|       .B+B O *  |
|      o+SO.O o o |
|     . =*.o + =  |
|      +.     o . |
|     .           |
|                 |
+----[SHA256]-----+

二、在/root/.ssh下创建authorized_keys文件，将公钥追加到文件中

[root@localhost ~]# cd /root/.ssh  #进入目录
[root@localhost .ssh]# ls   
id_rsa  id_rsa.pub  known_hosts
[root@localhost .ssh]# touch authorized_keys  #创建文件
[root@localhost .ssh]# cat id_rsa.pub  >> authorized_keys  #将公钥追加到文件中

三、下载私钥

[root@localhost .ssh]# sz id_rsa

四、修改权限

[root@localhost .ssh]# chmod 700 /root/.ssh
[root@localhost .ssh]# chmod 600 /root/.ssh/authorized_keys 

   authorized_keys的权限为600或者更加严格，否则登录时会提示server refuse you key

五、修改ssh的配置文件

[root@localhost .ssh]# vim /etc/ssh/sshd_config
# To disable tunneled clear text passwords, change to no here!
PubkeyAuthentication yes  # 将密钥登录打开
#PermitEmptyPasswords no
PasswordAuthentication no   #关闭密码验证登录

六、重启ssh

[root@localhost .ssh]# systemctl restart sshd

七、FinalShell登录