#ssh-copy-id命令实际是一个shell脚本,位于/usr/bin下,脚本内容如下:
#!/bin/sh
# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.
ID_FILE="${HOME}/.ssh/id_rsa.pub"
if [ "-i" = "$1" ]; then
shift
# check if we have 2 parameters left, if so the first is the new ID file
if [ -n "$2" ]; then
if expr "$1" : ".*\.pub" > /dev/null ; then
ID_FILE="$1"
else
ID_FILE="$1.pub"
fi
shift # and this should leave $1 as the target name
fi
else
if [ x$SSH_AUTH_SOCK != x ] ; then
GET_ID="$GET_ID ssh-add -L"
fi
fi
if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
GET_ID="cat ${ID_FILE}"
fi
if [ -z "`eval $GET_ID`" ]; then
echo "$0: ERROR: No identities found" >&2
exit 1
fi
if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
exit 1
fi
{ eval "$GET_ID" ; } | ssh $1 "exec sh -c 'umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)'" || exit 1
cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
EOF
升级openssh后,高版本的openssh-clinet已经没有该命令,对于常用此命令来做免密登陆的大佬们来说不是很方便,因此只需将此脚本复制拷贝到升级后的机器上,给予权限即可
chmod +x ssh-copy-id && mv ssh-copy-id /usr/bin
#使用案例 三步实现免密登陆
192.168.80.100 免密登陆 192.168.80.200
#192.168.80.100上生成公钥私钥
ssh-keygen -t rsa
#将80.100的公钥拷贝到目标机器80.200
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
注意:ssh-copy-id将key写到远程机器的~/.ssh/authorized_key文件中
#验证免密登陆
ssh [email protected]