1. 生成证书
ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ND2vY4SRBcuTRkh2EY06VKL25t1RcjL9T/pM3OFIXW4 root@master1
The key's randomart image is:
+---[RSA 2048]----+
| .+oB*. |
| oo=.*.. |
| o. .@ * + .|
| . .oo = O ....|
| o.S o ...oE|
| o . o o. o*o|
| . . = ...=|
| . . + |
| o|
+----[SHA256]-----+
2. 复制key到信任服务器
ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.100.32
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.100.32 (10.0.100.32)' can't be established.
ECDSA key fingerprint is SHA256:EAiKnUMzizL/WBC7Y+oC8WQzKLvVhh0TlXzIUr8HfXM.
ECDSA key fingerprint is MD5:f7:b4:5e:28:b3:fe:88:3c:5f:b7:9c:a9:c8:c5:2d:0d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.100.32's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.100.32'"
and check to make sure that only the key(s) you wanted were added.
END