Linux通过脚本配置服务器互信和免密登录
使用方法
复制脚本内容,修改服务器IP、用户名、密码参数后直接运行即可。脚本中的密码是明文保存的,建议将脚本设为仅属主可读,并在互信配置完成后清除其中的密码。
若无expect命令需先安装expect
yum -y install expect
配置互信脚本
autoSSH.sh
#!/bin/bash
# author:Fire
# Usage: run this script on any one server to set up mutual SSH trust among
# the servers listed below.
# The three arrays are parallel: index i of each one describes the same host.
# NOTE(review): the passwords are stored here in plaintext. Keep the edited
# file readable only by its owner and clear the passwords once the keys are
# in place.
servers=(
  10.0.0.41
  10.0.0.42
  10.0.0.43
)                       # host IPs
users=(root root root)  # SSH login user for each host
passwords=(
  123456
  123456
  123456
)                       # login password for each host
# Verify that servers, users and passwords hold the same number of entries.
# Globals:  servers, users, passwords (read)
#           server_size, user_size, password_size, size (written)
# Outputs:  prints a message to stdout when the counts differ
# Returns:  on a mismatch it does not return; it exits the shell with status 1
function checkSize() {
  server_size=${#servers[@]}
  user_size=${#users[@]}
  password_size=${#passwords[@]}

  # The three arrays are indexed in parallel, so every length must equal the
  # server count.
  if ((server_size != user_size || server_size != password_size)); then
    printf '%s\n' "参数数量不匹配"
    exit 1
  fi

  size=$server_size
}
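# Log in to one host with a password and generate an RSA key pair there.
# Arguments: $1 - login user, $2 - host, $3 - login password
# Outputs:   the expect/ssh session transcript on stdout
# Returns:   exit status of /usr/bin/expect
function createRsa() {
  local user=$1
  local server=$2
  local password=$3

  # The values reach expect through the environment and the here-document is
  # quoted, so the shell does not paste them into the Tcl source. With an
  # unquoted here-document a password containing ", [, $ or \ would be parsed
  # as Tcl syntax instead of being sent as typed.
  AUTOSSH_USER="$user" AUTOSSH_SERVER="$server" AUTOSSH_PASSWORD="$password" \
    /usr/bin/expect <<'EOF'
set user $env(AUTOSSH_USER)
set server $env(AUTOSSH_SERVER)
set password $env(AUTOSSH_PASSWORD)
# Drop the password from the environment before ssh is spawned so that the
# child process does not inherit it.
unset env(AUTOSSH_PASSWORD)

# NOTE(review): with a one-second timeout a step whose prompt arrives late is
# skipped silently, and no step's outcome is checked afterwards.
set timeout 1
spawn ssh -- "$user@$server"
# NOTE(review): the host key is accepted without checking its fingerprint.
# Populate known_hosts from a verified source beforehand if that matters.
expect "yes" {
  send "yes\n"
}
expect "password:" {
  send -- "$password\r"
}
expect "*#*#*#"
# -N '' creates the private key without a passphrase.
expect " ~]" {
  send "ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa\r"
}
# Keep an existing key pair rather than replacing it.
expect "Overwrite" {
  send "no\n"
}
expect " ~]" {
  send "exit\r"
}
expect "*#*#*#"
EOF
}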
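# Log in to the first host and run ssh-copy-id there so that its public key
# is installed on the second host.
# Arguments: $1/$2/$3 - user, host, password of the host that owns the key
#            $4/$5/$6 - user, host, password of the host receiving the key
# Outputs:   session transcript on stdout; a rejection message on stderr
# Returns:   1 if $4 or $5 fails validation, else the status of expect
function sendRsaKey() {
  local user01=$1
  local server01=$2
  local password01=$3
  local user02=$4
  local server02=$5
  local password02=$6

  # $4 and $5 are typed into a shell on the first host as part of the
  # ssh-copy-id command line, so accept only plain account and host names
  # (no whitespace, no shell metacharacters, no leading dash).
  local -r user_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  local -r host_re='^[A-Za-z0-9:][A-Za-z0-9.:_-]*$'
  if [[ ! $user02 =~ $user_re || ! $server02 =~ $host_re ]]; then
    printf 'sendRsaKey: refusing unsafe target %s@%s\n' "$user02" "$server02" >&2
    return 1
  fi

  # Values are handed to expect through the environment and the here-document
  # is quoted, so passwords are never parsed as Tcl source.
  AUTOSSH_SRC_USER="$user01" AUTOSSH_SRC_HOST="$server01" \
    AUTOSSH_SRC_PASSWORD="$password01" \
    AUTOSSH_DST_USER="$user02" AUTOSSH_DST_HOST="$server02" \
    AUTOSSH_DST_PASSWORD="$password02" \
    /usr/bin/expect <<'EOF'
set src_user $env(AUTOSSH_SRC_USER)
set src_host $env(AUTOSSH_SRC_HOST)
set src_password $env(AUTOSSH_SRC_PASSWORD)
set dst_user $env(AUTOSSH_DST_USER)
set dst_host $env(AUTOSSH_DST_HOST)
set dst_password $env(AUTOSSH_DST_PASSWORD)
# Remove both passwords from the environment before ssh is spawned so that
# the child process does not inherit them.
unset env(AUTOSSH_SRC_PASSWORD)
unset env(AUTOSSH_DST_PASSWORD)

# NOTE(review): with a one-second timeout a step whose prompt arrives late is
# skipped silently, and no step's outcome is checked afterwards.
set timeout 1
spawn ssh -- "$src_user@$src_host"
# NOTE(review): host keys are accepted here and below without checking their
# fingerprints.
expect "yes" {
  send "yes\n"
}
expect "password:" {
  send -- "$src_password\r"
}
expect "*#*#*#"
expect " ~]" {
  send "ssh-copy-id -i ~/.ssh/id_rsa.pub $dst_user@$dst_host\r"
}
expect "yes" {
  send "yes\n"
}
expect "password:" {
  send -- "$dst_password\r"
}
expect " ~]" {
  send "exit\r"
}
expect "*#*#*#"
EOF
}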
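# Main flow
size=0
checkSize

# Step 1: create a key pair on every host.
for ((i = 0; i < size; i++)); do
  # Quoted so that a password containing spaces or glob characters stays a
  # single argument.
  createRsa "${users[i]}" "${servers[i]}" "${passwords[i]}"
done

# Step 2: install every host's public key on every host, itself included
# (the i == j pair is not skipped).
for ((i = 0; i < size; i++)); do
  for ((j = 0; j < size; j++)); do
    sendRsaKey "${users[i]}" "${servers[i]}" "${passwords[i]}" \
      "${users[j]}" "${servers[j]}" "${passwords[j]}"
  done
done
# End of main flow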
注:请将脚本中的IP改为您需要配置互信的服务器的IP
添加服务器节点互信的脚本
addServerToSSH.sh
#!/bin/bash
# author:Fire
# Usage: run this script on any one server to bring the hosts in the add_*
# arrays into the SSH trust shared by the hosts in the first three arrays.
# First group:  hosts that already trust each other (IP, user, password).
# Second group: hosts to be added to that trust (IP, user, password).
# Within each group the arrays are parallel: index i describes one host.
# NOTE(review): the passwords are stored here in plaintext. Keep the edited
# file readable only by its owner and clear the passwords once the keys are
# in place.
servers=(
  10.0.0.41
  10.0.0.42
  10.0.0.43
)
users=(root root root)
passwords=(
  123456
  123456
  123456
)

add_servers=(
  10.0.0.44
  10.0.0.45
)
add_users=(root root)
add_passwords=(
  123456
  123456
)
# Verify that each group of parallel arrays is internally consistent.
# Globals:  servers, users, passwords, add_servers, add_users, add_passwords
#           (read); server_size, user_size, password_size, size,
#           add_server_size, add_user_size, add_password_size, add_size
#           (written)
# Outputs:  prints a message to stdout when the counts of a group differ
# Returns:  on a mismatch it does not return; it exits the shell with status 1
function checkSize() {
  # Existing hosts: all three arrays must have the server count.
  server_size=${#servers[@]}
  user_size=${#users[@]}
  password_size=${#passwords[@]}
  if ((server_size != user_size || server_size != password_size)); then
    printf '%s\n' "参数数量不匹配"
    exit 1
  fi
  size=$server_size

  # Hosts being added: same rule, checked only after the first group passed.
  add_server_size=${#add_servers[@]}
  add_user_size=${#add_users[@]}
  add_password_size=${#add_passwords[@]}
  if ((add_server_size != add_user_size || add_server_size != add_password_size)); then
    printf '%s\n' "参数数量不匹配"
    exit 1
  fi
  add_size=$add_server_size
}
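# Log in to one host with a password and generate an RSA key pair there.
# Arguments: $1 - login user, $2 - host, $3 - login password
# Outputs:   the expect/ssh session transcript on stdout
# Returns:   exit status of /usr/bin/expect
function createRsa() {
  local user=$1
  local server=$2
  local password=$3

  # The values reach expect through the environment and the here-document is
  # quoted, so the shell does not paste them into the Tcl source. With an
  # unquoted here-document a password containing ", [, $ or \ would be parsed
  # as Tcl syntax instead of being sent as typed.
  AUTOSSH_USER="$user" AUTOSSH_SERVER="$server" AUTOSSH_PASSWORD="$password" \
    /usr/bin/expect <<'EOF'
set user $env(AUTOSSH_USER)
set server $env(AUTOSSH_SERVER)
set password $env(AUTOSSH_PASSWORD)
# Drop the password from the environment before ssh is spawned so that the
# child process does not inherit it.
unset env(AUTOSSH_PASSWORD)

# NOTE(review): with a one-second timeout a step whose prompt arrives late is
# skipped silently, and no step's outcome is checked afterwards.
set timeout 1
spawn ssh -- "$user@$server"
# NOTE(review): the host key is accepted without checking its fingerprint.
# Populate known_hosts from a verified source beforehand if that matters.
expect "yes" {
  send "yes\n"
}
expect "password:" {
  send -- "$password\r"
}
expect "*#*#*#"
# -N '' creates the private key without a passphrase.
expect " ~]" {
  send "ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa\r"
}
# Keep an existing key pair rather than replacing it.
expect "Overwrite" {
  send "no\n"
}
expect " ~]" {
  send "exit\r"
}
expect "*#*#*#"
EOF
}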
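# Log in to the first host and run ssh-copy-id there so that its public key
# is installed on the second host.
# Arguments: $1/$2/$3 - user, host, password of the host that owns the key
#            $4/$5/$6 - user, host, password of the host receiving the key
# Outputs:   session transcript on stdout; a rejection message on stderr
# Returns:   1 if $4 or $5 fails validation, else the status of expect
function sendRsaKey() {
  local user01=$1
  local server01=$2
  local password01=$3
  local user02=$4
  local server02=$5
  local password02=$6

  # $4 and $5 are typed into a shell on the first host as part of the
  # ssh-copy-id command line, so accept only plain account and host names
  # (no whitespace, no shell metacharacters, no leading dash).
  local -r user_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  local -r host_re='^[A-Za-z0-9:][A-Za-z0-9.:_-]*$'
  if [[ ! $user02 =~ $user_re || ! $server02 =~ $host_re ]]; then
    printf 'sendRsaKey: refusing unsafe target %s@%s\n' "$user02" "$server02" >&2
    return 1
  fi

  # Values are handed to expect through the environment and the here-document
  # is quoted, so passwords are never parsed as Tcl source.
  AUTOSSH_SRC_USER="$user01" AUTOSSH_SRC_HOST="$server01" \
    AUTOSSH_SRC_PASSWORD="$password01" \
    AUTOSSH_DST_USER="$user02" AUTOSSH_DST_HOST="$server02" \
    AUTOSSH_DST_PASSWORD="$password02" \
    /usr/bin/expect <<'EOF'
set src_user $env(AUTOSSH_SRC_USER)
set src_host $env(AUTOSSH_SRC_HOST)
set src_password $env(AUTOSSH_SRC_PASSWORD)
set dst_user $env(AUTOSSH_DST_USER)
set dst_host $env(AUTOSSH_DST_HOST)
set dst_password $env(AUTOSSH_DST_PASSWORD)
# Remove both passwords from the environment before ssh is spawned so that
# the child process does not inherit them.
unset env(AUTOSSH_SRC_PASSWORD)
unset env(AUTOSSH_DST_PASSWORD)

# NOTE(review): with a one-second timeout a step whose prompt arrives late is
# skipped silently, and no step's outcome is checked afterwards.
set timeout 1
spawn ssh -- "$src_user@$src_host"
# NOTE(review): host keys are accepted here and below without checking their
# fingerprints.
expect "yes" {
  send "yes\n"
}
expect "password:" {
  send -- "$src_password\r"
}
expect "*#*#*#"
expect " ~]" {
  send "ssh-copy-id -i ~/.ssh/id_rsa.pub $dst_user@$dst_host\r"
}
expect "yes" {
  send "yes\n"
}
expect "password:" {
  send -- "$dst_password\r"
}
expect " ~]" {
  send "exit\r"
}
expect "*#*#*#"
EOF
}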
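# Main flow
size=0
add_size=0
checkSize

# Step 1: create a key pair on every host being added.
for ((i = 0; i < add_size; i++)); do
  # Quoted so that a password containing spaces or glob characters stays a
  # single argument.
  createRsa "${add_users[i]}" "${add_servers[i]}" "${add_passwords[i]}"
done

# Step 2: exchange keys in both directions between every existing host and
# every added host.
for ((i = 0; i < size; i++)); do
  for ((j = 0; j < add_size; j++)); do
    sendRsaKey "${users[i]}" "${servers[i]}" "${passwords[i]}" \
      "${add_users[j]}" "${add_servers[j]}" "${add_passwords[j]}"
    sendRsaKey "${add_users[j]}" "${add_servers[j]}" "${add_passwords[j]}" \
      "${users[i]}" "${servers[i]}" "${passwords[i]}"
  done
done

# Step 3: install every added host's key on every added host, itself included
# (the i == j pair is not skipped).
for ((i = 0; i < add_size; i++)); do
  for ((j = 0; j < add_size; j++)); do
    sendRsaKey "${add_users[i]}" "${add_servers[i]}" "${add_passwords[i]}" \
      "${add_users[j]}" "${add_servers[j]}" "${add_passwords[j]}"
  done
done
# End of main flow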
注:请将脚本中的IP改为您需要配置互信的服务器的IP
原理讲解
autoSSH.sh用于给新集群配置SSH互信,让集群中所有机器两两之间都可以SSH免密登录。需要注意:配置完成后每台机器都持有可免密登录其他所有机器的私钥(且私钥未设置口令),任何一台机器被攻破都会波及整个集群中的该账号,因此请只在确有需要的账号和机器之间配置互信。
脚本参数:
# From top to bottom: host IP array, SSH user array, password array.
# The arrays are parallel: index i of each one describes the same host.
# NOTE(review): passwords are kept in plaintext in the script file.
servers=(
  10.0.0.41
  10.0.0.42
  10.0.0.43
)
users=(root root root)
passwords=(
  123456
  123456
  123456
)
脚本逻辑:
- 逐个登录服务器,使用ssh-keygen命令,生成ssh公钥认证所需的公钥和私钥文件
- 逐个登录服务器,使用ssh-copy-id命令,将公钥复制到远程机器中(首次连接时脚本会自动回答 yes 接受主机密钥,不校验指纹;如需校验,请事先通过可信渠道将主机密钥写入 known_hosts)
addServerToSSH.sh是将新节点加入集群的SSH互信中去,让集群中所有机器两两之间都可以SSH免密登录
脚本参数:
# From top to bottom:
#   hosts that already trust each other: IP array, SSH user array, password
#   array;
#   hosts to be added to that trust: IP array, SSH user array, password array.
# Within each group the arrays are parallel: index i describes one host.
# NOTE(review): passwords are kept in plaintext in the script file.
servers=(
  10.0.0.41
  10.0.0.42
  10.0.0.43
)
users=(root root root)
passwords=(
  123456
  123456
  123456
)

add_servers=(
  10.0.0.44
  10.0.0.45
)
add_users=(root root)
add_passwords=(
  123456
  123456
)
脚本逻辑:
- 逐个登录新的服务器,使用ssh-keygen命令,生成ssh公钥认证所需的公钥和私钥文件
- 逐个登录旧服务器,使用ssh-copy-id命令,将公钥逐个复制到新服务器中
- 逐个登录新服务器,使用ssh-copy-id命令,将公钥逐个复制到旧服务器中
- 逐个登录新服务器,使用ssh-copy-id命令,将公钥逐个复制到新服务器中
原文链接:https://blog.csdn.net/qq_19344391/article/details/116325172