为了保证一台Linux主机的安全，主机登录的时候一般都设置账号密码登录。但是很多时候为了操作方便，通过设置SSH免密码登录。

本地生成公私钥对

ssh-keygen -t rsa
会输出：

root@armbian:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:lanDF6885d+oUIbwD6tQnmd2l+zqh408faEq0LaQJiw root@armbian
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|           o     |
|        . =      |
|       . = +     |
|    .   S = =    |
|   E o B B X . o |
|    . + * @.+== .|
|       . B +==+o.|
|        . .o==+..|
+----[SHA256]-----+

在~/.ssh目录下会生成两个文件：id_rsa.pub和id_rsa。

上传公钥到目标机器

ssh-copy-id admin@192.168.0.3
输出：

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@192.168.0.3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'admin@192.168.0.3'"
and check to make sure that only the key(s) you wanted were added.

在目标机器~/.ssh目录下会生成authorized_keys。

测试

ssh admin@192.168.0.3
此时已不需要输入密码。
exit 退出登录。

免密登录在使用ssh传输文件的脚本时很方便。
免密码登录的处理是用户对用户的，切换其他用户后，仍然需要输入密码。