(1) 脚本build_ssh_trust_relation.sh 内容如下:
#!/usr/bin/expect
##############################################################################
# 文 件 名 : build_ssh_trust_relation.sh
# 作 者 :
# 生成日期 :
# 功能描述 : 建立双机信任关系
# 最近修改 : 无
# 修改历史 :
# 1.日 期 :
# 作 者 :
# 修改内容 :
##############################################################################
# Red ">>>" marker (ANSI SGR 1;31 followed by a reset) used as the prefix of
# the status and error messages printed by this script.
set prefix [format "%s>>>%s" "\033\[1;31m" "\033\[0m"]
# Print the command-line synopsis on the user's terminal and terminate the
# script with exit status 1.  The program name shown is argv0 with everything
# up to and including the last "/" removed.
proc usage {} {
    regsub {.*/} $::argv0 {} name
    foreach line [list \
        "Usage:\n" \
        " $name \[user@]host password\n" \
        "\n" \
        "Report bugs to <\033\[1;31mdearvoid@263.net\033\[0m>\n"] {
        send_user -- $line
    }
    exit 1
}
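# Make sure the local public key file ($::id_file) exists, running
# "ssh-keygen -t rsa" interactively to create a key pair when it does not.
#
# Reads the globals ::id_file and ::prefix.  Returns nothing; exits with
# status 1 when ssh-keygen cannot be started or no public key file results.
#
# Security notes:
#  - Every ssh-keygen prompt is answered with a bare Enter, so the key is
#    stored in the default location with an EMPTY passphrase.  Anyone who can
#    read the private key file can then log in to every host that trusts it;
#    keep that file readable by its owner only.
#  - Only the .pub file is tested.  If a private key already exists without
#    its .pub, ssh-keygen asks whether to overwrite it; this is declined so
#    that a key other hosts may already trust is not destroyed.
proc check_id_files {} {
    if {[file exists $::id_file]} {
        return
    }
    send_user "$::prefix id file not found, try creating ...\n"
    if {[catch { spawn ssh-keygen -t rsa } error]} {
        send_error "$::prefix $error\n"
        exit 1
    }
    # "Enter file in which to save the key (...):" -> accept the default path
    expect -nocase -re "\(.*\):"
    send -- "\r"
    expect {
        -nocase -re "overwrite" {
            send -- "n\r"
            expect eof
            send_error "$::prefix a private key already exists but $::id_file is missing; not overwriting it\n"
            exit 1
        }
        -nocase -re "passphrase.*:" {
            send -- "\r"
        }
        timeout {
            send_error "$::prefix ssh-keygen did not ask for a passphrase\n"
            exit 1
        }
        eof {
            send_error "$::prefix ssh-keygen ended unexpectedly\n"
            exit 1
        }
    }
    expect -nocase -re "passphrase.*again:"
    send -- "\r"
    expect eof
    # Do not claim success unless the public key is really there.
    if {![file exists $::id_file]} {
        send_error "$::prefix id file was not created\n"
        exit 1
    }
    send_user "$::prefix id file successfully created\n"
}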
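# Rewrite ~/.ssh/known_hosts without the entries that name `host`.
#
# host - host name or address exactly as it appears in the comma-separated
#        host list of a known_hosts line.
#
# Reads ::env(HOME) and ::prefix.  Prints progress with send_user and exits
# with status 1 on any I/O error.
#
# Changes from the earlier implementation:
#  - The scratch file is created next to known_hosts with an exclusive,
#    owner-only open instead of a predictable name in the shared /tmp
#    directory, and the final rename stays inside one directory.
#  - The host is compared literally against each name in the host field.  The
#    previous regular expression treated "." in an address as a wildcard and
#    was not anchored, so it could delete entries of other hosts.
#  - A last line without a trailing newline is no longer dropped.
#
# Limitations: hashed entries (HashKnownHosts) and "[host]:port" entries are
# not matched; `ssh-keygen -R <host>` is the stock tool for those.
#
# Security note: deleting a pinned host key discards the protection that the
# "host identification has changed" warning provides.  Confirm the new key
# out of band before the next login to that host.
proc remove_known_hosts_entry {host} {
    set known_hosts "$::env(HOME)/.ssh/known_hosts"
    set tmp_file "$known_hosts.[pid].tmp"
    set tmp_created 0
    send_user "$::prefix trying to remove '$host' from ~/.ssh/known_hosts ... "
    if {[catch {
        set fd_known_hosts [open $known_hosts r]
        # EXCL: refuse to write through a file or link somebody else put there
        set fd_tmp [open $tmp_file {WRONLY CREAT EXCL} 0600]
        set tmp_created 1
        while {[gets $fd_known_hosts line] >= 0} {
            set fields [regexp -all -inline {\S+} $line]
            set names [lindex $fields 0]
            if {[string match "@*" $names]} {
                # "@cert-authority" / "@revoked" marker: host list comes next
                set names [lindex $fields 1]
            }
            if {[lsearch -exact [split $names ","] $host] >= 0} {
                continue
            }
            puts $fd_tmp $line
        }
        close $fd_known_hosts
        close $fd_tmp
        # keep the mode the original file had, when it can be read
        catch {
            file attributes $tmp_file -permissions \
                [file attributes $known_hosts -permissions]
        }
        file rename -force $tmp_file $known_hosts
        send_user "OK\n"
    } error]} {
        if {$tmp_created} {
            catch {file delete -force $tmp_file}
        }
        send_user "failed\n"
        send_user "$::prefix $error\n"
        exit 1
    }
}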
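## get host and password from command line parameters
# Security note: a password given as the second argument is visible to other
# local users in the process list and is normally saved in shell history.
# When only the host is given, the password is read from the terminal with
# echo switched off instead.  The two-argument form keeps working as before.
set arg_count [llength $argv]
if {$arg_count != 1 && $arg_count != 2} {
    usage
}
set user@host [lindex $argv 0]
# The target is handed to ssh as a plain argument; refuse anything that ssh
# would parse as an option.
if {[string match "-*" ${user@host}]} {
    usage
}
if {$arg_count == 2} {
    set passwd [lindex $argv 1]
} else {
    set saved_timeout $timeout
    set timeout -1
    stty -echo
    send_user "password: "
    expect_user {
        -re "(\[^\n]*)\n" {
            set passwd $expect_out(1,string)
        }
        eof {
            stty echo
            usage
        }
    }
    stty echo
    send_user "\n"
    set timeout $saved_timeout
}
## create public key file if not found
set id_file "$env(HOME)/.ssh/id_rsa.pub"
check_id_files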
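## ssh to host
# Runs "ssh <target> echo SUCCESS" and leaves the session at the password
# prompt (or exits 0 when key authentication already works).
#
# Exit codes: 0 already trusted, 1 connection failed or the host key warning
# could not be cleared, 16 timeout.
#
# Fix: the known_hosts clean-up is attempted once only.  Previously a warning
# that survived the clean-up (for instance a hashed entry the clean-up cannot
# match) made this loop respawn ssh forever.
set yes_no 0
set ok_string SUCCESS
set timeout 5
set done 0
set known_hosts_cleaned 0
while {!$done} {
    spawn ssh ${user@host} echo $ok_string
    expect {
        -nocase -re "yes/no" {
            # NOTE(review): the host key is accepted without showing or
            # checking its fingerprint, so the first connection is trusted
            # blindly.  Pre-loading the expected key into known_hosts before
            # running this script avoids relying on this branch.
            set yes_no 1
            send -- "yes\r"
            set done 1
        }
        -nocase -re "password: " {
            set done 1
        }
        $ok_string {
            send_user "$prefix ok\n"
            exit 0
        }
        "@@@@@@@@@@@@@@@@@@@@" {
            # ssh printed its "@@@..." warning banner (stored host key no
            # longer matches).
            # NOTE(review): the stored key is dropped and the login retried,
            # after which the password is sent to whichever machine answers.
            # That is only safe when the key change is expected (e.g. the
            # host was reinstalled); verify the new key out of band.
            expect eof
            set hostname [string range ${user@host} \
                [expr {[string first "@" ${user@host}] + 1}] end]
            if {$known_hosts_cleaned} {
                send_error "$prefix host key warning for '$hostname' persists after cleaning known_hosts\n"
                exit 1
            }
            set known_hosts_cleaned 1
            send_error "$prefix WARNING: host key of '$hostname' changed, dropping the stored key and retrying\n"
            remove_known_hosts_entry $hostname
        }
        eof {
            send_error "$prefix failed\n"
            exit 1
        }
        timeout {
            send_error "$prefix timeout\n"
            exit 16
        }
    }
}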
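# Password login for the "echo SUCCESS" probe.
#
# When the host-key question was just answered, wait for either the success
# marker (key authentication already works -> exit 0) or the password prompt.
# Then send the password and require the success marker.
#
# Exit codes: 0 already trusted, 1 session closed without the success marker,
# 11 password rejected, 16 timeout.
#
# Fix: a timeout or an early end of the session used to fall through silently,
# so the script went on to the key-installation step as if the login had
# worked.  Both cases are now reported with the exit codes used for them
# elsewhere in this script.
if {$yes_no} {
    expect {
        $ok_string {
            send_user "$prefix ok\n"
            exit 0
        }
        -nocase -re "password: " {}
        timeout {
            send_error "$prefix timeout\n"
            exit 16
        }
        eof {
            send_error "$prefix failed\n"
            exit 1
        }
    }
}
send -- "$passwd\r"
expect {
    -nocase "try again" {
        send_error "$prefix passwd error\n"
        exit 11
    }
    -nocase "password:" {
        # a second prompt means the first attempt was refused
        send_error "$prefix passwd error\n"
        exit 11
    }
    $ok_string {}
    timeout {
        send_error "$prefix timeout\n"
        exit 16
    }
    eof {
        send_error "$prefix failed\n"
        exit 1
    }
}
expect eof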
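## append public key file to remote host's ~/.ssh/authorized_keys
# Reads the local public key and appends it to ~/.ssh/authorized_keys on the
# remote side over a second, password-authenticated ssh session.
#
# Fixes:
#  - The key text is quoted for the remote shell ("'" becomes "'\''"), so a
#    quote in the key's comment field can no longer break the command.
#  - "umask 077" makes a newly created ~/.ssh and authorized_keys accessible
#    to their owner only; existing files keep their mode.
#  - The result is checked: a rejected password, a timeout or a non-zero exit
#    status of the remote command is reported instead of printing the success
#    message unconditionally.
#
# Note: the key is appended on every run, so repeated runs leave duplicate
# lines in authorized_keys.
if {[catch {
    set IDFILE [open $id_file RDONLY]
    set pub_key [read $IDFILE]
    close $IDFILE
} error]} {
    send_error "$prefix $error\n"
    exit 1
}
set pub_key [string trimright $pub_key "\r\n"]
set quoted_key [string map [list ' '\\''] $pub_key]
set remote_cmd "cd && umask 077 && mkdir -p .ssh && printf '%s\\n' '$quoted_key' >> .ssh/authorized_keys"
spawn ssh ${user@host} $remote_cmd
expect {
    -nocase -re "password:" {
        send -- "$passwd\r"
        expect {
            -nocase "try again" {
                send_error "$prefix passwd error\n"
                exit 11
            }
            -nocase "password:" {
                send_error "$prefix passwd error\n"
                exit 11
            }
            timeout {
                send_error "$prefix timeout\n"
                exit 16
            }
            eof {}
        }
    }
    timeout {
        send_error "$prefix timeout\n"
        exit 16
    }
    eof {}
}
# wait returns {pid spawn_id os_error status}; element 3 is ssh's exit status,
# which is the exit status of the remote command.
set wait_result [wait]
if {[lindex $wait_result 3] != 0} {
    send_error "$prefix failed\n"
    exit 1
}
send_user "$prefix gook luck\n"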
(2) 执行脚本,创建两台linux机器之间的信任关系(注意:密码以命令行参数传入,会留在shell历史记录中,并可被本机其他用户通过进程列表看到):
linux:/home # ./build_ssh_trust_relation.sh root@10.137.10.10 password
spawn ssh root@10.137.10.10 echo SUCCESS
Password:
SUCCESS
spawn ssh root@10.137.10.10 cd; mkdir .ssh 2> /dev/null; echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5voAOS1tZb9WIE1GP1K+5q4Eqn3V9BP+/NNcELFgLHVLjlAokcOcM/01kVtptHVK6+OFqRA8HPcirF9R0YnYJZojOzflDtOPO1zK3UGpNHw790vRSEs/KB6gdvnhYfBLnNLAf3S0cdE8pE6JMBH5WPK8/ZcYaB3pVvMTtMMFkbdNuYjE2KE6RLfozYbrtFS9tOFqx9pY317YEuUnGjlpTFagEpO8AtMTkCkY8KRVz+MPbzMvg4yAgMM3jVSD8rfsrUKGjHOLk5By/VVfx2AKpnGLgTQ+3ptoQin1WmgZDEhYX5JrRoqpOn5SYxJOyngrXaP5vN5C+HaZhclBAZpctQ==
root@linux' >>.ssh/authorized_keys
Password:
>>> gook luck
(3) 测试
linux:/home # ssh 10.137.10.10
Last login: Sat Oct 12 13:00:15 2013 from 10.137.10.136
本文介绍了一个用于在Linux机器之间自动建立信任关系的脚本,包括身份验证、公钥复制等关键步骤,确保了跨主机操作的安全性。