這個問題其實不算問題,但就是有天在寫 Shell Script 時要用 ansible 做自動化時總是希望能一行搞定或不要有一些例外的問答跑出來
[jerryw@nuc5 ~]$ ssh-copy-id root@192.168.31.100 The authenticity of host '192.168.31.100 (192.168.31.100)' can't be established. ECDSA key fingerprint is SHA256:+OCmHVeUnL7oIhtAPXQlhVNnTR5VEeL434aHFCsjzvU. ECDSA key fingerprint is MD5:6e:92:af:23:d5:89:cd:fa:ea:85:b0:4c:08:56:29:55. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.31.100's password:[input_your_password]
要複製 public 至未曾加入過你的 known_host 的主機總是少不了幾次的互動,如確認遠端主機的記錄是不是在你的 known_host 及確認遠端電腦的 Password等,為了簡化這種互動式操作,可以透過下述的方式來處理
1.透過 ssh-keyscan 産生遠端主機的 fingerprint 並加到本機上的 known_host (ssh-keyscan是在 openssl-client包內)
$ ssh-keyscan -f ~/.ssh/id_rsa.pub 192.168.31.100 >> ~/.ssh/known_hosts
2.透過 sshpass 將 password 轉導至 ssh-copy-id 至遠端主機 (password.txt 內填入遠端主機的密碼) 若沒有 sshpass 加一下 EPEL 安裝一下
$ sshpass -f password.txt ssh-copy-id root@192.168.31.100 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.31.100'" and check to make sure that only the key(s) you wanted were added. [jerryw@nuc5 ~]$
3.然後就可以直接連了,有這種方式後就可以透過腳本來排自動化了~ 🙂
$ ssh root@192.168.31.100 Last login: Sat Sep 29 02:01:19 2018 from 192.168.31.10 [root@rh442 ~]#
你必須 登入 才能發表評論。