Command ssh-keyscan
Description gather ssh public keys (collect SSH public keys from hosts in bulk)
Usage ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type] [host | addrlist namelist] ...
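Options
Options:
-4        Use IPv4 addresses
-6        Use IPv6 addresses
-c        Request certificates from target hosts instead of plain keys
-f file   Read the address list (addrlist namelist) from file; if file is -, read from standard input
-H        Hash host names and IP addresses in the output, to avoid leaking information
-p        Specify the port
-T        Specify the timeout; the default is 5s
-t        Specify the key type; possible values are rsa, dsa, ecdsa, ed25519; several may be given, separated by commas
-v        Show details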
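Notes
Do not confuse ssh-copy-id with ssh-keyscan. ssh-copy-id adds the public key of the local SSH key pair to a remote host and is used for passwordless SSH login. ssh-keyscan retrieves the remote host's public key, which is used for host verification at SSH login; it cannot by itself provide remote login.
The public key entries for a host name and for an IP address have to be added separately; add whichever your usage requires.
If you connect with ssh hostname, specify the host name; the command is ssh-keyscan node11
If you connect with ssh IP, specify the IP; the command is ssh-keyscan 192.168.31.11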
Example
$ ssh-keyscan localhost
localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvgOhbbSsK/8YQV5XcBEIJfAziEcOnW//7KLKjvX7bgdWGCsCXKtSBf28YXgMOsvSOeOJoXMrgbzsYwLLcl0Mc=
localhost ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9xD52NLzd0yQ9qZeAb2z56Dc+uQ1WIrrEWRB/oPc4r2QBkWOhWDrXMW3DvvdTrGfuDYvtt9DLvug4f8ZSxoCCg/6amkFjw5OfRWGLf7XCb0sv/4rV9XVGRrccaVbLnQMk5JMrk0V5LJ8WLHtis29z4RLuvBsbJCaFtSYAoo9hFXpNR2LbzD0kqYS2+Ra5Cunr5o22k6JZKz1rfzAjVmFFKsfaTg6M+aCD55GzbXe5vf2iA6DOLXbyQ4sIsRptE53FMB+7fmfKuYd/iiYrME07oN+422a5j1wXc8UY/OCxNhMuH4ZsAJMltGTRupWMNqcYTsu4Nb+KkDpsZGA46TWb
localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIi8IpHNQujjoUULBFVwIPEEKWMI+gKjnqcxeeaiyZTw

# ~/.ssh is a directory, so it needs the owner's execute bit (mode 700)
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ ssh-keyscan localhost >> ~/.ssh/known_hosts
$ ssh-keyscan 127.0.0.1 >> ~/.ssh/known_hosts

$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can not be established.
ECDSA key fingerprint is SHA256:MkBmKcdMSh1NIhhu28+VXyqroW7AQKWfy+PXS5BdXmM.
ECDSA key fingerprint is MD5:dd:b2:8c:82:91:00:f3:3f:ea:23:93:a0:5e:13:50:18.
Are you sure you want to continue connecting (yes/no)?

$ ssh localhost
Last login: Sun Feb 13 17:01:18 2022 from 127.0.0.1

$ ssh-keyscan 192.168.31.21
192.168.31.21 ssh-rsa ...
192.168.31.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI9vnM3jZCyV9adtajHBkqtZcUBI5h+L2uzRTyskKcZAbUtPNfYM7HExnr63TWfVQIKkrtAWlo/BExJePNyCRx4=
192.168.31.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaXibXFug039KdC1XeYqYFHnT1yltCU8JQB2oskjZ2K

# -H hashes the host field, -t restricts the key type
$ ssh-keyscan -H -t ecdsa 192.168.31.21
|1|aWikW3/lAOEE4D0rHJKRUW1ATrU=|SPhtiDlpcYVdT3tjy0hPRyjCbfo= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI9vnM3jZCyV9adtajHBkqtZcUBI5h+L2uzRTyskKcZAbUtPNfYM7HExnr63TWfVQIKkrtAWlo/BExJePNyCRx4=
$ ssh-keyscan -H -t ecdsa 192.168.31.21 >> ~/.ssh/known_hosts

# Scan every host listed in a file
$ cat ip.txt
localhost
127.0.0.1
192.168.31.11
192.168.31.21
$ ssh-keyscan -f ip.txt -t ecdsa >> ~/.ssh/known_hosts
192.168.31.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvgOhbbSsK/8YQV5XcBEIJfAziEcOnW//7KLKjvX7bgdWGCsCXKtSBf28YXgMOsvSOeOJoXMrgbzsYwLLcl0Mc=
192.168.31.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI9vnM3jZCyV9adtajHBkqtZcUBI5h+L2uzRTyskKcZAbUtPNfYM7HExnr63TWfVQIKkrtAWlo/BExJePNyCRx4=
localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvgOhbbSsK/8YQV5XcBEIJfAziEcOnW//7KLKjvX7bgdWGCsCXKtSBf28YXgMOsvSOeOJoXMrgbzsYwLLcl0Mc=
127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvgOhbbSsK/8YQV5XcBEIJfAziEcOnW//7KLKjvX7bgdWGCsCXKtSBf28YXgMOsvSOeOJoXMrgbzsYwLLcl0Mc=
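ssh-keyscan does not authenticate the keys it collects, so appending its output straight to known_hosts trusts whatever answered on the network. The Python code below is an added example, not part of the original page: it keeps only scanned lines whose SHA256 fingerprint matches one obtained out of band; filter_scan, the pins mapping and the sample blobs are assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob_b64):
    """SHA256 fingerprint of a base64 key blob, in the form ssh prints it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def filter_scan(scan_text, pins):
    """Split ssh-keyscan output into (verified, rejected) lists.

    pins maps (host, keytype) -> fingerprint obtained out of band (assumption).
    """
    verified, rejected = [], []
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip banner/comment lines
            continue
        try:
            host, keytype, blob = line.split()[:3]
            fp = fingerprint(blob)
        except ValueError:  # too few fields, or invalid base64
            rejected.append((line, "malformed"))
            continue
        pinned = pins.get((host, keytype))
        if pinned is None:
            rejected.append((line, "no pin"))
        elif pinned != fp:
            rejected.append((line, "mismatch"))
        else:
            verified.append(line)
    return verified, rejected

# Constructed sample data: placeholder blobs, not real host keys.
GOOD = base64.b64encode(b"constructed key read on the console").decode()
OTHER = base64.b64encode(b"constructed key offered on the wire").decode()
PINS = {("node11", "ssh-ed25519"): fingerprint(GOOD)}
SCAN = "\n".join([
    "# node11:22 SSH-2.0-OpenSSH_8.0",
    f"node11 ssh-ed25519 {GOOD}",
    f"192.168.31.11 ssh-ed25519 {GOOD}",  # the IP needs its own pin
    f"node11 ssh-ed25519 {OTHER}",        # same host, different key
])

if __name__ == "__main__":
    ok, bad = filter_scan(SCAN, PINS)
    print("\n".join(ok))  # only these lines go into known_hosts
    for line, why in bad:
        print("REJECTED", why, line.split()[0])
```

Host names and IP addresses are pinned separately, matching the note above. Run the filter on un-hashed output, since with -H the host field is a hash and matches no pin.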