ssh-keygen非交互式创建秘钥对

作者：马帅琦
归档：day38
时间：2019/4/23

1.ssh-keygen非交互式创建秘钥对：
具体命令：ssh-keygen -f ~/.ssh/id_rsa -P '' -q
参数讲解：

•    ssh-keygen：密钥对创建工具
  [-P old_passphrase]  密码
      [-f output_keyfile]  输出的秘钥文件
      [-q]       不输出信息      
  [-t dsa ]  指定秘钥类型。
  

2.ssh-copy-id不需要提示yes/no分发秘钥
具体命令：ssh-copy-id -f -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no 172.16.1.8

参数讲解：
    ssh-copy-id  -f   -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root172.16.1.8
ssh-copy-id [-f] [-i [identity_file]] [-p port] [[-o ] ...] [user@]hostname
说明：
-f: force mode 强制
[-i [identity_file]] 指定秘钥文件
[[-o ] ...] 指定ssh参数选项。

3.sshpass工具：指定密码非人工交互分发秘钥
sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.7

[root@web02 ~]# sshpass -help
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.7
sshpass [-f|-d|-p|-e] [-hV] command parameters

参数讲解：
-p password   Provide password as argument (security unwise)    #指定用户密码操作

4.一键配置实践

把web02作为分发服务器：
web02（8）-->m01（61）
web02（8）-->web01（7）

ssh-keygen -f ~/.ssh/id_rsa  -P '' -q
ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.7
sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.7

#!/bin/bash
#yum install sshpass -y
ssh-keygen -f ~/.ssh/id_rsa  -P '' -q
for ip in 7 61
do
  sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.$ip
done
#test
ssh 172.16.1.7 "ifconfig eth0"
ssh 172.16.1.61 "ifconfig eth0"