我正在表演:
# copy public key to other hosts
for host in ec2-master.eu-west-1.compute.amazonaws.com \
ec2xxx.compute.amazonaws.com \
ec2xxx.compute.amazonaws.com; \
do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; \
done
所以我尝试将我在ec2-master.eu-west-1.compute.amazonaws.com上生成的密钥复制到其他服务器上。 但我还是得到了
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
The authenticity of host 'ec2xxx.eu-west-1.compute.amazonaws.com (10.0.xx.xx)' can't be established.
ECDSA key fingerprint is 3a:63xx:a6:19:xx:23:d1:xx:06:22:xx:a0:b9:8c:xx:cf.
Are you sure you want to continue connecting (yes/no)?
所以我得到了拒绝的许可。但我不知道为什么。我做错了什么?
答案 0 :(得分:0)
尝试将 ssh-copy-id命令更改为:
ssh-copy-id -i ~/.ssh/id_rsa.pub ec2-user@$host
(假设您正在使用Amazon Linux - 如果您使用的是Ubuntu,请使用 ubuntu)
<强>更新
我认为问题可能是因为您尝试将新密钥复制到仅使用现有密钥接受登录的主机(不允许密码)。
我无法使用ssh-copy-id,但您可以使用标准的ssh命令执行此操作:
cat ~/.ssh/id_rsa.pub | ssh -i AWS_key.pem centos@$host "cat - >> ~/.ssh/authorized_keys"
其中AWS_key.pem是AWS在您启动实例时附加到您的实例的密钥对的私有部分。
答案 1 :(得分:0)
我使用这个脚本,它适用于我: try你试试这个
for host in ${hosts[*]}
do
echo $host
ssh-keyscan $host | tee -a ~/.ssh/known_hosts
sshpass -p 'mypass' ssh-copy-id myuser@$host
done