参见<Linux bible 2006 edition>第212页

Using ssh, scp, and sftp Without Passwords
For machines that you use a great deal (particularly machines behind a firewall on
your LAN), it is often helpful to set them up so that you do not have to use a password
to log in. The following procedure shows you how to do that.
These steps take you through setting up password-less authentication from one
machine to another. In this example, the local user is named chester on a computer
named host1. The remote user is also chester on a computer named host2.
1. Log in to the local computer (in this example, I log in as chester to host1).
Run Step 2 only once as local user on your local workstation. Do not run it again
unless you lose your ssh keys. When configuring subsequent remote servers, skip
right to Step 3.
2. Type the following to generate the ssh key:
$ ssh-keygen -t dsa
3. Accept the defaults by pressing Enter at each request.
4. Type the following to copy the key to the remote server (replace chester
with the remote username and host2 with the remote host name):
$ cd ~/.ssh
$ scp id_dsa.pub chester@host2:/tmp
chester@host2’s password: *******
5. Type the following to add the ssh key to the remote user’s authorization keys
(the code should be on one line, not wrapped):
$ ssh chester@host2 ‘cat /tmp/id_dsa.pub >>
/home/chester/.ssh/authorized_keys2’
In the previous two steps you are asked for passwords. This is okay.
For the sshd daemon to accept the authorized_keys2 file you created, your
home directories and that file itself must have secure permissions. To secure
that file and those directories, type the following:
$ ssh chester@host2 chmod go-w $HOME $HOME/.ssh
$ ssh chester@host2 chmod 600 $HOME/.ssh/authorized_keys2
6. Type the following to remove the key from the temporary directory:
$ ssh chester@host2 rm /tmp/id_dsa.pub
You should not be asked for a password in the previous step.