主要是两个步骤
1.控制主机创建密钥对(私钥和公钥)
2.把密钥对的公钥加入对方的认证列表中
[root@vps ~]# ssh-keygen[root@vps ~]# ssh-copy-id user@192.168.9.111
ssh-keygen -t dsa
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.9.111
如果不是使用ssh-copy-id 命令把本机的公钥id_rsa.pub添加了远程主机认证列表 authorized_keys中
可以使用免确认机器指纹参数免除第一次的yes确认直接登入,免除了“yes”确认
ssh -o StrictHostKeyChecking=no user@192.168.9.111
[root@vps ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4iGGv/oqZhBk2wYs1+VIQBzeYNOh7zsfCUPa1N7d0EY root@vps
The key's randomart image is:
+---[RSA 2048]----+
|.oB=oo. E |
|.Bo*o+ o |
|+.* = o . o |
|.. X . . . + |
| .+ B + S . . |
|. + = + |
|. o + |
|.o .o . |
|o.o++o. |
+----[SHA256]-----+
[root@vps ~]#
[root@vps ~]# ssh-copy-id user@192.168.9.111
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.9.243 (192.168.9.243)' can't be established.
ECDSA key fingerprint is SHA256:eIe1dqiRPK325D/NXRvXDDNllNGNGXlreNh/o8jNXAY.
ECDSA key fingerprint is MD5:6c:c9:4f:da:6d:fd:3f:3c:8e:a8:69:f5:59:67:16:15.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@192.168.9.243's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'user@192.168.9.243'"
and check to make sure that only the key(s) you wanted were added.[root@vps ~]#
免交互批量分发公钥脚本:
#!/bin/bash
rm -rf /root/.ssh/id*
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
for ip in `cat ip`;
do sshpass -p passwd ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no $ip"
done