[CetOS7]ssh信任

1. 生成证书

ssh-keygen -b 2048 -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ND2vY4SRBcuTRkh2EY06VKL25t1RcjL9T/pM3OFIXW4 root@master1
The key's randomart image is:
+---[RSA 2048]----+
|     .+oB*.      |
|     oo=.*..     |
|    o. .@ * +   .|
|   . .oo = O ....|
|      o.S o ...oE|
|     o . o o. o*o|
|      . . =  ...=|
|         . .   + |
|                o|
+----[SHA256]-----+

2. 复制key到信任服务器

ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.100.32

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.100.32 (10.0.100.32)' can't be established.
ECDSA key fingerprint is SHA256:EAiKnUMzizL/WBC7Y+oC8WQzKLvVhh0TlXzIUr8HfXM.
ECDSA key fingerprint is MD5:f7:b4:5e:28:b3:fe:88:3c:5f:b7:9c:a9:c8:c5:2d:0d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.100.32's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '10.0.100.32'"
and check to make sure that only the key(s) you wanted were added.

END