批量shell实现交互登录普通用户，切换root用户，并执行shell语句。

一、环境介绍

对300台服务器进行登录，增加jumpserver管理里用户。由于所有服务器root禁止登录，导致需要多层交互。

二、思路

1、通过expect批量shell实现交互登录普通用户，切换root用户，并执行shell语句。
2、python实现

三、shell实现

ps：感觉白写了，交互速度大概5秒一台。服务器数量大于50，建议用python实现。

1.功能脚本

[root@jumpserver shell_sctipt]# cat shell_rebound.exp
#!/usr/bin/expect

set sentence1 [lindex $argv 0]
set sentence2 [lindex $argv 1]
set sentence3 [lindex $argv 2]
spawn ssh saas@$sentence1

expect  "password:"
if { $sentence1==$sentence1 } {
send "$sentence2\r"
}

expect "$" 
if { $sentence1==$sentence1 } {
send "su root\r"
}

expect  "password:"
if { $sentence1==$sentence1 } {
send "$sentence3\r"
}

expect "#" 
if { $sentence1==$sentence1 } {
send "useradd olym_jumpserver
su olym_jumpserver
cd ~/
mkdir .ssh
chmod 700 .ssh
cd .ssh/
(cat << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhzIuxp6WPSZJ02ImwUFl/TqMjerbKIZIaEd6FB4ETRpspyLYCPA/1oJ4N2HDMe+RFYPsp4u8geni2VxvMx2LkABUfUrRnDgStCsFdQjHduE1wVSvEoYD0EmaqInbh4wkUYLdU+3iizrV+vr2wH6chAhRf+iDSq35x58QV5pxtfS6UrqhWabQUjFcJfLNAgLUr5xSRJwie2V4VVkSFrFbJgPMUob1CO7ISpXWvseq5H8cRPu08tNXjC21HCK5vIFtoFPcTzIxfHCIhcfa/ey1EpEVr0yKwACzKyub4DmwonFxcpO/ErsqhO/AVDp9HzMuc4/x3eiuti4OH8DuqbgHr olym_jumpserver@izwz98ft7tasnlfweupijmz
EOF
) > /home/olym_jumpserver/.ssh/authorized_keys
chmod 600 /home/olym_jumpserver/.ssh/authorized_keys
exit
chmod 700 /etc/sudoers
echo 'olym_jumpserver ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers
chmod 400 /etc/sudoers\r"
}

expect eof

可以直接测试执行，或者再写一层调用方脚本

expect shell_rebound.exp 10.29.185.159 Kxvhanabcd f9e_dnoabcd

2.调用脚本

#!/bin/bash
##create by xingcheng
##20180608

#setup1:
#变量
num=0 #用于计算读取saas和root密码的索引
ip_list0=(10.160.33.139 10.160.35.135 10.160.34.114 10.173.225.80) #xxx
ip_list1=(10.171.194.133 10.168.142.10) #xxx
ip_list2=(10.117.198.171 10.117.190.163 10.168.111.133 10.168.111.53 10.117.203.57 10.117.186.10 10.168.217.51 10.117.28.183) #xxx
ip_list3=(10.117.14.254 10.117.216.72 10.117.199.196) #xxx
ip_list4=(10.168.166.201) #xxx
ip_list5=(10.25.67.203 10.51.18.254 10.51.24.30 10.51.19.199 10.161.141.119 10.117.215.34 10.175.202.149 10.51.0.162 10.251.236.43 10.162.72.86 10.162.60.92 10.168.115.68 10.168.114.246 10.117.21.209 10.168.220.150 10.168.25.117 10.168.64.114 10.168.14.218 10.252.127.189 10.132.70.114 10.122.68.241 10.251.249.135 10.161.231.223 10.162.57.104 10.132.11.130)  #xxx
ip_list6=(10.168.19.142 10.162.96.34) #xxx
ip_list7=(10.165.101.149 10.160.4.181 10.161.218.92 10.161.179.88) #xxx
ip_list8=(10.162.103.18 10.51.0.124 10.252.164.128 10.251.255.128)  #xxx
saas_pass=('Kxxxxxj2' 'uxxxxxZ' 'bxxxxxi' 'qxxxxx(' 'Qxxxxxx#' 'nxxxxxd' 'FxxxxxS' 'wxxxxxxd' 'txxxxxq')  #如果含有特殊字符，要结合集体情况决定使用单引号还是双引号。这里非常容易导致脚本报错，或登录异常。
root_pass=('Lxxxxxh' "_B4xxxxxL" LxxxxxxS
 'qu4&lB<b{R&(' 'QrxxxxxC#' 'qxxxxr#' 'Yxxxxk' 'txxxxx9' 'hyxxxxxe') #如果含有特殊字符，要结合集体情况决定使用单引号还是双引号。这里非常容易导致脚本报错，或登录异常。
#例如：root_pass=("L.f9e_h" "_B45N8\A=/&+S>C'z9J34eHL" 'LgC#sdfd!GoS' "I6E2deebSjPau" "v3qsdAH#xxj" 'qa34er#$YJT90' "YNwwewSXyLTgDKWk")

#setup2:
IP_LIST=()
for I in $(seq 0 8)
do
  IP_LIST[$I]=ip_list$I
done
echo ${IP_LIST[@]}

#函数
next(){
for N in $(seq 0 $(eval echo $(echo '${#'$ip_list'[@]}'))) #计算数组元素个数并进行遍历
do
#   echo $(eval echo '${'$ip_list'[$N]}') saas ${saas_pass[$num]} ${root_pass[$num]}
   expect shell_rebound.exp  $(eval echo '${'$ip_list'[$N]}')  ${saas_pass[$num]} ${root_pass[$num]}
done
let num+=1
if [ $num -eq 9 ];then
  exit
fi

}

first(){
num1=0  #用于表示所有数组，便于复制数组
for K in $(echo ${IP_LIST[@]})
do
  ip_list=( ${IP_LIST[$num1]} )  #数组复制
  eval echo  '${'$ip_list'[@]}' #这里是数组名引用变量得用法
  let num1+=1
  next
done
}

#setup3:
first

四、决定换python实现

[root@jumpserver python_script]# cat !$
cat python_rebound.py
#!/usr/bin/env python

import time, paramiko, sys 

def verification_ssh(host,username,password,port,root_pwd): 
    cmd='''useradd olym_jumpserver
su olym_jumpserver
cd ~/
mkdir .ssh
chmod 700 .ssh
cd .ssh/
(cat << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhzIuxp6WPSZJ02ImwUFl/TqMjerbKIZIaEd6FB4ETRpspyLYCPA/1oJ4N2HDMe+RFYPsp4u8geni2VxvMx2LkABUfUrRnDgStCsFdQjHduE1wVSvEoYD0EmaqInbh4wkUYLdU+3iizrV+vr2wH6chAhRf+iDSq35x58QV5pxtfS6UrqhWabQUjFcJfLNAgLUr5xSRJwie2V4VVkSFrFbJgPMUob1CO7ISpXWvseq5H8cRPu08tNXjC21HCK5vIFtoFPcTzIxfHCIhcfa/ey1EpEVr0yKwACzKyub4DmwonFxcpO/ErsqhO/AVDp9HzMuc4/x3eiuti4OH8DuqbgHr olym_jumpserver@izwz98ft7tasnlfweupijmz
EOF
) > /home/olym_jumpserver/.ssh/authorized_keys
chmod 600 /home/olym_jumpserver/.ssh/authorized_keys
exit
chmod 700 /etc/sudoers
echo 'olym_jumpserver ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers
chmod 400 /etc/sudoers
'''
    s=paramiko.SSHClient()  
    s.load_system_host_keys()  
    s.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 
    s.connect(hostname = host,port=int(port),username=username, password=password) 
    if username != 'root': 
            ssh = s.invoke_shell() 
            time.sleep(0.1) 
            ssh.send('su - \n') 
            buff = '' 
            while not buff.endswith('Password: '): 
                resp = ssh.recv(9999) 
                buff +=resp 
            ssh.send(root_pwd) 
            ssh.send('\n') 
            buff = '' 
            while not buff.endswith('# '): 
                resp = ssh.recv(9999) 
                buff +=resp 
            ssh.send(cmd) 
            ssh.send('\n') 
            buff = '' 
            while not buff.endswith('# '): 
                resp = ssh.recv(9999) 
                buff +=resp
            s.close() 
            result = buff
    else:
        stdin, stdout, stderr = s.exec_command(cmd)
        str=''.join(stdout.read())
        print str
        result = stdout.read() 
        s.close()
    return result

def main():
    host = sys.argv[1]
    username = sys.argv[2]
    password = sys.argv[3]
    root_pwd = sys.argv[4]
    verification_ssh(host,username,password,22,root_pwd)



if __name__ == "__main__": 
   main()

可以参照这个
https://www.linuxidc.com/Linux/2016-08/134607.htm