In system administration, you can log in to a remote host over SSH without entering a password. To do so, you first need to copy the local public key to the remote host, which is easily done with the ssh-copy-id command.
If a key pair has not been generated yet, generate one before copying the public key to the remote host. In the commands below, username is the user name on the remote host, and host is the IP address or domain name of the remote host.
# Generate the key pair
ssh-keygen -t rsa
# Copy the public key to the remote host
ssh-copy-id username@host
For a single remote host, running the command directly is fine, but if there are many hosts, handling them one at a time is time-consuming and laborious. So what is the best way to copy the public key to all hosts at once? To solve this problem, you need to automate the two steps that require manual intervention when running ssh-copy-id.
The first is typing "yes" to confirm when you see a prompt similar to the following.
The authenticity of host '10.10.5.133 (10.10.5.133)' can't be established.
RSA key fingerprint is SHA256:anhO4ihOzEsun0zDRNAu8Wew9Bxntr7Di6qpJVAnXFQ.
Are you sure you want to continue connecting (yes/no)?
The second is entering the password of the remote host.
To solve the first problem, you can either modify the configuration file or pass the relevant SSH option when running ssh-copy-id.
# -o StrictHostKeyChecking=no: do not ask for host key confirmation when connecting to a new host
ssh-copy-id -o StrictHostKeyChecking=no username@host
Alternatively, add the following configuration item to the .ssh/config file in the current user's home directory. If the .ssh directory does not contain a config file, you can create one yourself.
StrictHostKeyChecking=no
To solve the second problem, install the sshpass command. On Ubuntu it can be installed directly with apt-get; on CentOS, please search Google for the installation method, which is not covered here.
apt-get install sshpass
With sshpass installed, you can run the command below to copy the SSH public key to the remote host without manual intervention.
sshpass -p 'your_password' ssh-copy-id -o StrictHostKeyChecking=no username@host
If you chose to modify the configuration file instead, the following command is enough.
sshpass -p 'lsu_201401' ssh-copy-id username@host
With these two problems solved, the rest is simple. Record the domain names or IP addresses of the remote hosts in a file, for example remote-hosts, one per line, and run the following script to copy the public key to all of the remote hosts in bulk.
for host in $(cat remote-hosts)
do
    sshpass -p 'your_password' ssh-copy-id -o StrictHostKeyChecking=no username@${host}
done
Note: The script above assumes that all remote hosts share the same password, which is hard-coded on the command line. If each host has a different password, you can record the password in the remote-hosts file as well and split each line with the cut command to obtain the host's IP address or domain name and the corresponding password. If the SSH port is not the default 22, it can be recorded in the same line too, in the following format:
10.10.10.10:2222:yourpassword
You can then modify the above script slightly:
for host in $(cat remote-hosts)
do
    # Split each ip:port:password line into its three fields
    ip=$(echo "${host}" | cut -f1 -d ":")
    port=$(echo "${host}" | cut -f2 -d ":")
    password=$(echo "${host}" | cut -f3 -d ":")
    sshpass -p "${password}" ssh-copy-id -p "${port}" -o StrictHostKeyChecking=no username@"${ip}"
done
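A hardened variant of the loop above, as an added example that is not part of the original article: it reads the same ip:port:password format line by line so that passwords containing ':' or spaces survive, passes the password through sshpass -e (the SSHPASS environment variable) instead of -p, and uses StrictHostKeyChecking=accept-new (OpenSSH 7.6 or later) in place of no. The function names and the REMOTE_USER and DRY_RUN variables are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the article's script. Reads remote-hosts lines of the form
# ip:port:password (an empty port means 22).
REMOTE_USER="${REMOTE_USER:-username}"   # placeholder account name (assumption)

# Split one entry into ENTRY_IP / ENTRY_PORT / ENTRY_PASSWORD.
# Only the first two colons are separators, so a password may contain ':'.
parse_entry() {
    case "$1" in *:*:*) ;; *) return 1 ;; esac
    ENTRY_IP=${1%%:*}
    ENTRY_PASSWORD=${1#*:}               # still "port:password" at this point
    ENTRY_PORT=${ENTRY_PASSWORD%%:*}
    ENTRY_PASSWORD=${ENTRY_PASSWORD#*:}
    case "$ENTRY_IP" in ''|-*) return 1 ;; esac   # empty, or would parse as an option
    case "${ENTRY_PORT:=22}" in *[!0-9]*) return 1 ;; esac
    [ -n "$ENTRY_PASSWORD" ]
}

# Copy the local public key to every host listed in file $1.
# DRY_RUN=1 (hypothetical switch) prints the target instead of connecting.
copy_keys() {
    local hosts_file="$1" line failed=0
    # Read the list on fd 3 so ssh cannot swallow the remaining lines from stdin.
    while IFS= read -r line <&3 || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if ! parse_entry "$line"; then
            echo "malformed entry for host '${line%%:*}'" >&2
            failed=$((failed + 1)); continue
        fi
        if [ -n "${DRY_RUN:-}" ]; then
            echo "ssh-copy-id -p $ENTRY_PORT $REMOTE_USER@$ENTRY_IP"
            continue
        fi
        # sshpass -e takes the password from $SSHPASS, keeping it out of argv
        # (and so out of `ps` output). accept-new records a first-seen host key
        # but still refuses a key that differs from one already in known_hosts.
        SSHPASS="$ENTRY_PASSWORD" sshpass -e ssh-copy-id -p "$ENTRY_PORT" \
            -o StrictHostKeyChecking=accept-new "$REMOTE_USER@$ENTRY_IP" \
            || failed=$((failed + 1))
    done 3< "$hosts_file"
    [ "$failed" -eq 0 ]
}

if [ "$#" -gt 0 ]; then copy_keys "$1"; fi
```

Because remote-hosts holds plaintext passwords, keep it readable only by its owner (chmod 600 remote-hosts) and delete it once the keys are in place.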
Using ssh-copy-id to replicate public keys to multiple servers