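Avoiding the interactive ssh-copy-id prompts in a shell script

This isn't really a problem, but one day, while writing a shell script to automate things with Ansible, I kept wishing it could be done in one line, or at least without unexpected prompts popping up.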

[jerryw@nuc5 ~]$ ssh-copy-id root@192.168.31.100
The authenticity of host '192.168.31.100 (192.168.31.100)' can't be established.
ECDSA key fingerprint is SHA256:+OCmHVeUnL7oIhtAPXQlhVNnTR5VEeL434aHFCsjzvU.
ECDSA key fingerprint is MD5:6e:92:af:23:d5:89:cd:fa:ea:85:b0:4c:08:56:29:55.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.31.100's password:[input_your_password]

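Copying a public key to a host that has never been added to your known_hosts always involves a few interactions, such as confirming the remote host's record when it is not yet in your known_hosts and entering the remote machine's password. To simplify this interactive operation, you can handle it as follows: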

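1. Use ssh-keyscan to collect the remote host's public host key (the key whose fingerprint appears in the prompt above) and append it to the local known_hosts (ssh-keyscan is in the openssh-clients package). Note that ssh-keyscan records whatever key the network returns, so this step replaces the manual fingerprint confirmation rather than performing it.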

$ ssh-keyscan 192.168.31.100 >> ~/.ssh/known_hosts

2. Use sshpass to feed the password to ssh-copy-id for the remote host (put the remote host's password in password.txt). If sshpass is not installed, enable EPEL and install it.

$ sshpass -f password.txt ssh-copy-id root@192.168.31.100
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.31.100'"
and check to make sure that only the key(s) you wanted were added.

[jerryw@nuc5 ~]$

3. After that you can connect directly. With this approach the whole thing can be scripted and automated. 🙂

$ ssh root@192.168.31.100
Last login: Sat Sep 29 02:01:19 2018 from 192.168.31.10
[root@rh442 ~]#
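
The three steps above as one script, with the scanned host key checked against a pinned fingerprint before it is written to known_hosts. This is an added example, not code from the original post; the function names, the argument order and the choice to pin only the ECDSA key are assumptions, and the expected fingerprint is assumed to have been obtained out of band.

```shell
#!/bin/sh
# Added example (not from the original post): pin the host key before
# trusting ssh-keyscan output, then install the public key non-interactively.
# Function names and the argument order are assumptions made for this sketch.

# Reads `ssh-keygen -lf` output on stdin (the fingerprint is field 2).
# Succeeds only if there is at least one line and every line matches $1.
fingerprints_match() {
    awk -v want="$1" '
        { seen = 1; if ($2 != want) bad = 1 }
        END { if (seen && !bad) exit 0; exit 1 }'
}

# trust_host HOST EXPECTED_FP [KNOWN_HOSTS]
# EXPECTED_FP (e.g. "SHA256:...") must come from a trusted channel such as
# the machine console or provisioning data, never from the scan itself.
trust_host() {
    host=$1
    expected=$2
    known=${3:-$HOME/.ssh/known_hosts}
    tmp=$(mktemp) || return 1
    # Only the ECDSA key is scanned so that one pinned fingerprint suffices.
    ssh-keyscan -t ecdsa "$host" > "$tmp" 2>/dev/null
    if ssh-keygen -lf "$tmp" 2>/dev/null | fingerprints_match "$expected"; then
        cat "$tmp" >> "$known"
        rc=0
    else
        echo "refusing $host: scanned key does not match pinned fingerprint" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: script HOST EXPECTED_FP PASSWORD_FILE
# PASSWORD_FILE should be readable only by its owner (chmod 600).
if [ "$#" -eq 3 ]; then
    trust_host "$1" "$2" && sshpass -f "$3" ssh-copy-id "root@$1"
fi
```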

Author: jerryw1974

Learning and focusing on computer science, cloud infrastructure, virtualization and information security, technical, networking, platform systems and cyber-security related topics.