[root@ssh-61 ~/.ssh]# ssh-keygen Generating public/private rsa key pair. Enter file inwhich to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:x+Xoxb/z59g68vS2DwPieixVCC01yXc83aJ6p/pYR+Y root@ssh-61 The key's randomart image is: +---[RSA 2048]----+ | +o. . ..| | o +.. = o| | o o.o o | | ..=o | | S =o= o | | +oo.*. | | oo..oE | | ..oooooBo| | .ooo.o=OX| +----[SHA256]-----+
[root@ssh-61 ~]# ssh-keygen -t dsa Generating public/private dsa key pair. Enter file inwhich to save the key (/root/.ssh/id_dsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: SHA256:fW5GHPjirQZoiZhX1tXwnvwWxdjRWgFnsAiLTsyo1Is root@ssh-61 The key's randomart image is: +---[DSA 1024]----+ | ..o oo=o| | . + . +oo +++| | . o * o..o..o+| | . o * .. = o.. | | E = +S o O . | | o o + .. * . . | | . . .. = o | | .+ . | | .. | +----[SHA256]-----+
3.1.2 分发公钥
第一种方式:默认参数
1 2 3 4 5 6 7 8 9 10 11 12 13 14
[root@ssh-61 ~]# ssh-copy-id 172.16.1.41 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established. ECDSA key fingerprint is SHA256:wpba7z96j3rm+efG7Ior294sbdQ/qlFFdt+/WNuH3N0. ECDSA key fingerprint is MD5:66:39:31:20:fc:85:40:2d:d2:83:9c:eb:0b:ca:d2:5b. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@172.16.1.41's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '172.16.1.41'" and check to make sure that only the key(s) you wanted were added.
#!/bin/bash for ip in {31,41} do sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.$ip -o StrictHostKeyChecking=no &>/dev/null if [ $? -eq 0 ] then echo"===============pub_key fenfa ok with 172.16.1.$ip=========================" ssh 172.16.1.${ip} hostname echo"" else echo"===============pub_key fenfa failed with 172.16.1.$ip=========================" echo"" fi done